Jelen, our agent, worked on a myriad of logistic details and handled the business side of the book with her usual grace and commitment to excellence. Ben Malisow, our technical editor, continues to provide wonderful input and suggestions that keep us on our toes and help us produce a high-quality final product. Lily Miller served as the project editor and managed the project smoothly.
About the Authors
Mike Chapple, Ph.D., Security+, CISSP, CISA, PenTest+, CySA+, is teaching professor of IT, analytics, and operations at the University of Notre Dame. He is also academic director of the university’s master’s program in business analytics.
Mike is a cybersecurity professional with more than 20 years of experience in the field. Prior to his current role, Mike served as the senior director for IT service delivery at Notre Dame, where he oversaw the university’s cybersecurity program, cloud computing efforts, and other areas. Mike also previously served as chief information officer of Brand Institute and an information security researcher with the National Security Agency and the U.S. Air Force.
Mike is a frequent contributor to several magazines and websites and is the author or coauthor of more than 25 books including CISSP Official (ISC)2 Study Guide, CISSP Official (ISC)2 Practice Tests, CompTIA CySA+ Study Guide, and CompTIA CySA+ Practice Tests, all from Wiley, and Cyberwarfare: Information Operations in a Connected World from Jones and Bartlett.
Mike offers free study groups for the PenTest+, CySA+, Security+, CISSP, and SSCP certifications at his website, certmike.com.
David Seidl is the Vice President for Information Technology and CIO at Miami University of Ohio. During his more than 23 years in information technology, he has served in a variety of leadership, technical, and information security roles, including leading the University of Notre Dame’s Campus Technology Services operations and infrastructure division as well as heading up Notre Dame’s information security team as Notre Dame’s director of information security.
He has written books on security certification and cyberwarfare, including co-authoring CompTIA CySA+ Study Guide: Exam CS0-002, CompTIA CySA+ Practice Tests: Exam CS0-002, and CISSP Official (ISC)2 Practice Tests and CompTIA Security+ Study Guide: Exam SY0-601 and CompTIA Security+ Practice Tests: Exam SY0-601, all from Wiley, and Cyberwarfare: Information Operations in a Connected World from Jones and Bartlett.
David holds a bachelor’s degree in communication technology and a master’s degree in information security from Eastern Michigan University, as well as CISSP, GPEN, GCIH, CySA+, and PenTest+ certifications.
About the Technical Editor
Ben Malisow is a consultant and writer with more than 25 years of experience in the fields of information, security, and information security. He teaches SSCP, CISSP, and CCSP preparation courses for (ISC)2 and has written the Official (ISC)2 CCSP Study Guide and the Official (ISC)2 Practice Tests books, among other titles; his latest works include CCSP Practice Tests and Exposed: How Revealing Your Data and Eliminating Privacy Increases Trust and Liberates Humanity. He and his partner, Robin Cabe, host the weekly podcast “The Sensuous Sounds of INFOSEC,” from his website, www.securityzed.com.
Introduction
(ISC)2 SSCP Systems Security Certified Practitioner Official Practice Tests, 2nd Edition is a companion volume to the SSCP (ISC)2 Systems Security Certified Practitioner Official Study Guide, 3rd Edition. If you’re looking to test your knowledge before you take the SSCP exam, this book will help you by providing a combination of practice questions that cover the SSCP Common Body of Knowledge and easy-to-understand explanations of both right and wrong answers. This book as well as the 3rd edition of the Study Guide are updated according to the Exam Outline effective November 2021.
If you’re just starting to prepare for the SSCP exam, we highly recommend that you use the SSCP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 3rd Edition to help you learn about each of the domains covered by the SSCP exam. Once you’re ready to test your knowledge, use this book to help find places where you may need to study more, or to practice for the exam itself.
Since this is a companion to the SSCP Study Guide, this book is designed to be similar to taking the SSCP exam. It contains multipart scenarios as well as standard multiple-choice questions similar to those you may encounter in the certification exam itself. The book itself is broken up into 9 chapters: 7 domain-centric chapters covering each domain, and 2 chapters that contain full-length practice tests to simulate taking the exam itself.
SSCP Certification
The SSCP certification is offered by the International Information System Security Certification Consortium, or (ISC)2, a global nonprofit. The mission of (ISC)2 is to support and provide members and constituents with credentials, resources, and leadership to address cyber, information, software, and infrastructure security to deliver value to society. They achieve this mission by delivering the world’s leading information security certification program. The SSCP is the entry-level credential in this series and is accompanied by several other (ISC)2 programs:
Certified Information Systems Security Professional (CISSP)
Certified Authorization Professional (CAP)
Certified Secure Software Lifecycle Professional (CSSLP)
Certified Cyber Forensic Professional (CCFP)
HealthCare Information Security Privacy Practitioner (HCISPP)
Certified Cloud Security Professional (CCSP)
There are also three advanced CISSP certifications for those who wish to move on from the base credential to demonstrate advanced expertise in a domain of information security:
Information Systems Security Architecture Professional (CISSP-ISSAP)
Information Systems Security Engineering Professional (CISSP-ISSEP)
Information Systems Security Management Professional (CISSP-ISSMP)
The SSCP certification covers seven domains of information security knowledge. These domains are meant to serve as the broad knowledge foundation required to succeed in the information security profession. They include:
Access Controls
Security Operations and Administration
Risk Identification, Monitoring, and Analysis
Incident Response and Recovery
Cryptography
Network and Communications Security
