Free Practice Questions for ISC2 Systems Security Certified Practitioner Certification
Study with 349 exam-style practice questions designed to help you prepare for the ISC2 Systems Security Certified Practitioner.
Exam Details
Key information about ISC2 Systems Security Certified Practitioner
- Multiple choice
- Matching
English, Japanese, Spanish
Multiple choice and advanced item types
700 out of 1000 points
Minimum of one-year full-time experience in one or more of the SSCP domains. A post-secondary degree in computer science, IT, or related fields may satisfy up to one year of experience. Part-time work and internships may also count.
Pearson VUE Testing Center
120 minutes
100 - 125
Exam Topics & Skills Assessed
Skills measured (from the official study guide)
Security Concepts and Practices (16%)
Comply with codes of ethics
- ISC2 Code of Ethics
- Organizational code of ethics
Understand security concepts
- Confidentiality
- Integrity
- Availability
- Accountability
- Non-repudiation
- Least privilege
- Separation of duties (SoD)
Identify and implement security controls
- Technical controls
- Physical controls
- Administrative controls
- Assessing compliance requirements
- Periodic audit and review
Document and maintain functional security controls
- Deterrent controls
- Preventative controls
- Detective controls
- Corrective controls
- Compensating controls
Support and implement asset management lifecycle
- Process, planning, design and initiation
- Development/Acquisition (DevSecOps, testing)
- Inventory and licensing (open source, closed-source)
- Implementation/Assessment
- Operation/Maintenance/End of Life (EOL)
- Archival and retention requirements
- Disposal and destruction
Support and/or implement change management lifecycle
- Change management
- Security impact analysis
- Configuration management (CM)
Support and/or implement security awareness and training
- Social engineering
- Phishing
- Tabletop exercises
- Awareness communications
Collaborate with physical security operations
- Data center/facility assessment
- Badging and visitor management
- Personal device restrictions
Access Controls (15%)
Implement and maintain authentication methods
- Single/Multi-factor authentication (MFA)
- Single sign-on (SSO)
- Device authentication
- Federated access
Understand and support internetwork trust architectures
- Trust relationships
- Internet, intranet, extranet, and demilitarized zone (DMZ)
- Third-party connections
Support and/or implement the identity management lifecycle
- Authorization
- Proofing
- Provisioning/De-provisioning
- Monitoring, Reporting, and Maintenance
- Entitlement
- Identity and access management (IAM) systems
Understand and administer access controls
- Mandatory
- Discretionary
- Role-based
- Rule-based
- Attribute-based
Risk Identification, Monitoring and Analysis (15%)
Understand risk management
- Risk visibility and reporting
- Risk management concepts
- Risk management frameworks
- Risk tolerance
- Risk treatment
Understand legal and regulatory concerns
- Jurisdiction
- Limitations
- Privacy
Perform security assessments and vulnerability management activities
- Risk management frameworks implementation
- Security testing
- Risk review
- Vulnerability management lifecycle
Operate and monitor security platforms
- Source systems
- Events of interest
- Log management
- Security information and event management (SIEM)
Analyze monitoring results
- Security baselines and anomalies
- Visualizations, metrics, and trends
- Event data analysis
- Document and communicate findings
Incident Response and Recovery (14%)
Understand and support incident response lifecycle
- Preparation
- Detection, analysis, and escalation
- Containment
- Eradication
- Recovery
- Post incident activities
Understand and support forensic investigations
- Legal and ethical principles
- Evidence handling
- Reporting of analysis
- Organization Security Policy Compliance
Understand and support business continuity plan (BCP) and disaster recovery plan (DRP) activities
- Emergency response plans and procedures
- Interim or alternate processing strategies
- Restoration planning
- Backup and redundancy implementation
- Testing and drills
Cryptography (9%)
Understand reasons and requirements for cryptography
- Confidentiality
- Integrity and authenticity
- Data sensitivity
- Regulatory and industry best practice
- Cryptography entropy
Apply cryptography concepts
- Hashing
- Salting
- Symmetric/Asymmetric encryption/Elliptic curve cryptography (ECC)
- Non-repudiation
- Strength of encryption algorithms and keys
- Cryptographic attacks and cryptanalysis
Understand and implement secure protocols
- Services and protocols
- Common use cases
- Limitations and vulnerabilities
Understand and support public key infrastructure (PKI) systems
- Fundamental key management concepts
- Web of Trust (WOT)
Network and Communications Security (16%)
Understand and apply fundamental concepts of networking
- Open Systems Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models
- Network topologies
- Network relationships
- Transmission media types
- Software-defined networking (SDN)
- Commonly used ports and protocols
Understand network attacks
- Distributed denial of service (DDoS)
- Man-in-the-middle (MITM)
- Domain Name System (DNS) cache poisoning
- Countermeasures
Manage network access controls
- Network access controls, standards and protocols
- Remote access operation and configuration
Manage network security
- Logical and physical placement of network devices
- Segmentation
- Secure device management
Operate and configure network-based security appliances and services
- Firewalls and proxies
- Intrusion detection systems (IDS) and intrusion prevention systems (IPS)
- Routers and switches
- Traffic-shaping devices
- Network Access Control (NAC)
- Data Loss Prevention (DLP)
- Unified Threat Management (UTM)
Secure wireless communications
- Technologies
- Authentication and encryption protocols
Secure and monitor Internet of Things (IoT)
- Configuration
- Network isolation
- Firmware updates
- End of Life (EOL) management
Systems and Application Security (15%)
Identify and analyze malicious code and activity
- Malware
- Malware countermeasures
- Types of malicious activity
- Malicious activity countermeasures
- Social engineering methods
- Behavior analytics
Implement and operate endpoint device security
- Host-based intrusion prevention system (HIPS)
- Host-based intrusion detection system (HIDS)
- Host-based firewalls
- Application whitelisting
- Endpoint encryption
- Trusted Platform Module (TPM)
- Secure browsing
- Endpoint detection and response (EDR)
Understand and configure cloud security
- Deployment models
- Service models
- Virtualization
- Legal and regulatory concerns
- Third-party/Outsourcing requirements
- Shared responsibility model
- Data storage, processing, and transmission
Operate and maintain secure virtual environments
- Provisioning techniques
- Containerization
- Encryption
- Mobile application management
- Hypervisor
- Virtual appliances
- Containers
- Continuity and resilience
- Storage management
- Threats, attacks, and countermeasures
Techniques & products