SSCP Official (ISC)² Practice Tests is a companion volume to the SSCP (ISC)² Systems Security Certified Practitioner Official Study Guide. If you’re looking to test your knowledge before you take the SSCP exam, this book will help you by providing a combination of practice questions that cover the SSCP Common Body of Knowledge and easy-to-understand explanations of both right and wrong answers.

If you’re just starting to prepare for the SSCP exam, we highly recommend that you use the SSCP (ISC)² Certified Information Systems Security Professional Official Study Guide to help you learn about each of the domains covered by the SSCP exam. Once you’re ready to test your knowledge, use this book to help find places where you may need to study more, or to practice for the exam itself.

Since this is a companion to the SSCP Study Guide, this book is designed to be similar to taking the SSCP exam. It contains multipart scenarios as well as standard multiple-choice questions similar to those you may encounter in the certification exam itself. The book itself is broken up into 9 chapters: 7 domain-centric chapters covering each domain, and 2 chapters that contain full-length practice tests to simulate taking the exam itself.

SSCP Certification

The SSCP certification is offered by the International Information System Security Certification Consortium, or (ISC)², a global nonprofit. The mission of (ISC)² is to support and provide members and constituents with credentials, resources, and leadership to address cyber, information, software, and infrastructure security to deliver value to society. They achieve this mission by delivering the world’s leading information security certification program. The SSCP is the entry-level credential in this series and is accompanied by several other (ISC)² programs:

• Certified Information Systems Security Professional (CISSP)
• Certified Authorization Professional (CAP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified Cyber Forensic Professional (CCFP)
• HealthCare Information Security Privacy Practitioner (HCISPP)
• Certified Cloud Security Professional (CCSP)

There are also three advanced CISSP certifications for those who wish to move on from the base credential to demonstrate advanced expertise in a domain of information security:

• Information Systems Security Architecture Professional (CISSP-ISSAP)
• Information Systems Security Engineering Professional (CISSP-ISSEP)
• Information Systems Security Management Professional (CISSP-ISSMP)

The SSCP certification covers seven domains of information security knowledge. These domains are meant to serve as the broad knowledge foundation required to succeed in the information security profession. They include:

• Access Controls
• Security Operations and Administration
• Risk Identification, Monitoring, and Analysis
• Incident Response and Recovery
• Cryptography
• Network and Communications Security
• Systems and Application Security

Complete details on the SSCP Common Body of Knowledge (CBK) are contained in the Candidate Information Bulletin (CIB). The CIB, which includes a full outline of exam topics, can be found on the ISC² website at www.isc2.org.

Taking the SSCP Exam

The SSCP exam is a 3-hour exam that consists of 125 questions covering the seven domains. Passing requires achieving a score of at least 700 out of 1,000 points. It’s important to understand that this is a scaled score, meaning that not every question is worth the same number of points. Questions of differing difficulty may factor into your score more or less heavily. That said, as you work through these practice exams, you might want to use 70 percent as a yardstick to help you get a sense of whether you’re ready to sit for the actual exam. When you’re ready, you can schedule an exam via links provided on the (ISC)² website—tests are offered in locations throughout the world.

The questions on the SSCP exam are all multiple choice questions with four answer options. You will be asked to select the one correct answer for each question. Watch out for questions that ask you to exercise judgement—these are commonly used on (ISC)² exams. You might be asked to identify the “best” option or select the “least” expensive approach. These questions require that you use professional judgement to come to the correct answer.

Work Experience Requirement

Candidates who wish to earn the SSCP credential must not only pass the exam but also demonstrate that they have at least one year of work experience in the information security field. Your work experience must cover activities in at least one of the seven domains of the SSCP program and must be paid employment.

You may be eligible to waive the work experience requirement based on your educational achievements. If you hold a bachelor’s or master’s degree in cybersecurity, you may be eligible for a degree waiver that covers one of those years. For more information see https://www.isc2.org/Certifications/SSCP/experience-requirements#.

If you haven’t yet completed your work experience requirement, you may still attempt the SSCP exam. Individuals who pass the exam are designated Associates of (ISC)² and have two years to complete the work experience requirement.

Recertification Requirements

Once you’ve earned your SSCP credential, you’ll need to maintain your certification by paying maintenance fees and participating in continuing professional education (CPE). As long as you maintain your certification in good standing, you will not need to retake the SSCP exam. Currently, the annual maintenance fees for the SSCP credential are $85 per year.

The SSCP CPE requirement mandates earning at least 20 CPE credits each year toward the 60-credit three-year requirement. (ISC)² provides an online portal where certificants may submit CPE completion for review and approval. The portal also tracks annual maintenance fee payments and progress toward recertification.

Using This Book to Practice

This book is composed of 9 chapters. Each of the first seven chapters covers a domain, with a variety of questions that can help you test your knowledge of real-world, scenario, and best practices–based security knowledge. The final two chapters are complete practice exams that can serve as timed practice tests to help determine if you’re ready for the SSCP exam.

We recommend taking the first practice exam to help identify where you may need to spend more study time, and then using the domain-specific chapters to test your domain knowledge where it is weak. Once you’re ready, take the second practice exam to make sure you’ve covered all of the material and are ready to attempt the SSCP exam.

Using the Online Practice Tests

All of the questions in this book are also available in Sybex’s online practice test tool. To get access to this online format, go to www.wiley.com/go/sybextestprep and start by registering your book. You’ll receive a pin code and instructions on where to create an online test bank account. Once you have access, you can use the online version to create your own sets of practice tests from the book questions and practice in a timed and graded setting.