SSCP EXAM PREP: 2025–2026 LATEST PRACTICE
QUESTIONS WITH MOST TESTED QUESTIONS
(HARVARD STYLE)
Is the term used in business continuity to identify the maximum targeted period in which data can be
lost without severely impacting the recovery of operations. For example, if a business process could
not lose more than one day's worth of data. The acceptable data loss in case of a disruption of
operations. It indicates the earliest point in time that is acceptable to recover the data.
RTO
RPO
MTD
MTO
RPO
Is a term used in business continuity to identify the planned recovery time for a process or system
which should occur before reaching the business process's maximum tolerable downtime. The
amount of time allowed for the recovery of a business function or resource after a disaster occurs:
RTO
RPO
MTD
MTO
RTO
Represents the total amount of downtime that can occur without causing significant harm to the
organization's mission:
RTO
RPO
MTD
MTO
MTD
,Is the maximum time that an enterprise can support processing in alternate mode. Sets the objective
of the time period for the business continuity solutions to transit to normal mode
RTO
RPO
MTD
MTO/MAO
MTO - Max tolerable outage. MTO this is also referred to as maximum acceptable outage or MAO.
What type of inbound packet is characteristic of a ping flood attack?
ICMP echo reply
ICMP route changed
ICMP echo request
ICMP destination unreachable
ICMP echo request
Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many
disks may fail without the loss of data?
0
2
1
3
1
Alison is examining a digital certificate presented to her by her bank’s website. Which one of the
following requirements is not necessary for her to trust the digital certificate?
She verifies that the certificate is not listed on a CRL.
She verifies the digital signature on the certificate.
She trusts the certificate authority.
She knows that the server belongs to the bank.
,Alison is examining a digital certificate presented to her by her bank’s website. Which one of the
following requirements is not necessary for her to trust the digital certificate?
She knows that the server belongs to the bank.
James has opted to implement a NAC solution that uses a post-admission philosophy for its control
of network connectivity. What type of issues can’t a strictly post-admission policy handle?
Preventing an unpatched laptop from being exploited immediately after connecting to the network
When Mike receives Renee’s digital certificate, what key does he use to verify the authenticity of the
certificate?
CA’s private key
Renee’s private key
Renee’s public key
CA’s public key
CA's public key
Which of the following would best describe secondary evidence?
Evidence that proves a specific act
Oral testimony by an expert witness
A copy of a piece of evidence
Oral testimony by a non-expert witness
A copy of a piece of evidence
, Patching a system, ending a process, rebooting a system, quarantine a virus are all technical controls
that are:
Control Type: Physical, Technical, Administrative
Control Function: Preventative, Detective, Corrective
Technical, Corrective
CCTV, Surveillance cameras, and logs are examples of:
Control Type: Physical, Technical, Administrative
Control Function: Preventative, Detective, Corrective
Physical, Detective
Policies, separations of duties, classifications are examples of:
Control Type: Physical, Technical, Administrative
Control Function: Preventative, Detective, Corrective
Administrative, Preventative
Tommy handles access control requests for his organization. A user approaches him and explains that
he needs access to the human resources database to complete a headcount analysis requested by
the CFO. What has the user demonstrated successfully to Tommy?
Clearance
Separation of duties
Need to know
Isolation
Need to know
His supervisor (who is on holiday leave) has apparently logged on remotely, used remote desktop
features to take control of Pedro’s system, and is trying to dump huge amounts of chemicals into the
water being treated.
QUESTIONS WITH MOST TESTED QUESTIONS
(HARVARD STYLE)
Is the term used in business continuity to identify the maximum targeted period in which data can be
lost without severely impacting the recovery of operations. For example, if a business process could
not lose more than one day's worth of data. The acceptable data loss in case of a disruption of
operations. It indicates the earliest point in time that is acceptable to recover the data.
RTO
RPO
MTD
MTO
RPO
Is a term used in business continuity to identify the planned recovery time for a process or system
which should occur before reaching the business process's maximum tolerable downtime. The
amount of time allowed for the recovery of a business function or resource after a disaster occurs:
RTO
RPO
MTD
MTO
RTO
Represents the total amount of downtime that can occur without causing significant harm to the
organization's mission:
RTO
RPO
MTD
MTO
MTD
,Is the maximum time that an enterprise can support processing in alternate mode. Sets the objective
of the time period for the business continuity solutions to transit to normal mode
RTO
RPO
MTD
MTO/MAO
MTO - Max tolerable outage. MTO this is also referred to as maximum acceptable outage or MAO.
What type of inbound packet is characteristic of a ping flood attack?
ICMP echo reply
ICMP route changed
ICMP echo request
ICMP destination unreachable
ICMP echo request
Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many
disks may fail without the loss of data?
0
2
1
3
1
Alison is examining a digital certificate presented to her by her bank’s website. Which one of the
following requirements is not necessary for her to trust the digital certificate?
She verifies that the certificate is not listed on a CRL.
She verifies the digital signature on the certificate.
She trusts the certificate authority.
She knows that the server belongs to the bank.
,Alison is examining a digital certificate presented to her by her bank’s website. Which one of the
following requirements is not necessary for her to trust the digital certificate?
She knows that the server belongs to the bank.
James has opted to implement a NAC solution that uses a post-admission philosophy for its control
of network connectivity. What type of issues can’t a strictly post-admission policy handle?
Preventing an unpatched laptop from being exploited immediately after connecting to the network
When Mike receives Renee’s digital certificate, what key does he use to verify the authenticity of the
certificate?
CA’s private key
Renee’s private key
Renee’s public key
CA’s public key
CA's public key
Which of the following would best describe secondary evidence?
Evidence that proves a specific act
Oral testimony by an expert witness
A copy of a piece of evidence
Oral testimony by a non-expert witness
A copy of a piece of evidence
, Patching a system, ending a process, rebooting a system, quarantine a virus are all technical controls
that are:
Control Type: Physical, Technical, Administrative
Control Function: Preventative, Detective, Corrective
Technical, Corrective
CCTV, Surveillance cameras, and logs are examples of:
Control Type: Physical, Technical, Administrative
Control Function: Preventative, Detective, Corrective
Physical, Detective
Policies, separations of duties, classifications are examples of:
Control Type: Physical, Technical, Administrative
Control Function: Preventative, Detective, Corrective
Administrative, Preventative
Tommy handles access control requests for his organization. A user approaches him and explains that
he needs access to the human resources database to complete a headcount analysis requested by
the CFO. What has the user demonstrated successfully to Tommy?
Clearance
Separation of duties
Need to know
Isolation
Need to know
His supervisor (who is on holiday leave) has apparently logged on remotely, used remote desktop
features to take control of Pedro’s system, and is trying to dump huge amounts of chemicals into the
water being treated.
