Courseiva
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

SY0-701 General Security Concepts • Complete Question Bank

SY0-701 General Security Concepts — All Questions With Answers

Complete SY0-701 General Security Concepts question bank — all 0 questions with answers and detailed explanations.

164 questions • Free • No signup
Question 1 • medium • multiple choice

A security engineer writes a script that computes SHA-256 hashes of critical server configuration files every night and sends an alert if any hash value has changed since the previous night. Which security goal is this control primarily designed to protect?

Question 2 • medium • multiple choice

A financial institution updates its access control policy to require that two different system administrators must approve and execute any changes to the core transaction processing database. Which security principle is this practice primarily designed to enforce?

Question 3 • medium • multiple choice

A security architect is designing the network security posture for a new branch office. The plan includes a next-generation firewall at the perimeter, an intrusion prevention system on the internal network, mandatory multi-factor authentication for all remote access, and quarterly security awareness training for employees. The architect explains that these controls are independent of each other so that a failure in any single control does not leave the entire network unprotected. Which security concept is the architect primarily implementing?

Question 4 • medium • multiple choice

A security analyst at a hospital is reviewing user permissions in the electronic health record (EHR) system. The analyst discovers that all nursing staff accounts are members of the 'Administrators' group, which grants full read and write access to all patient records, as well as the ability to modify system configuration settings. The nursing staff's job responsibilities only require viewing and updating records for patients currently assigned to them. Which security principle is most directly violated by this configuration?

Question 5 • medium • multiple choice

A defense contractor is deploying a new document management system that will store classified military intelligence. The security policy requires that user access to each document is strictly determined by the document's classification label (e.g., Confidential, Secret, Top Secret) and the user's verified security clearance level. Furthermore, system administrators must not be able to change these access rules or grant themselves access to documents above their clearance. Which access control model is best suited for this requirement?

Question 6 • medium • multiple choice

A security analyst is investigating a data integrity incident where an attacker exploited a vulnerability in a web application to alter customer account balance records in the database. The analyst identifies the exact records that were modified and restores those records from a verified read-only backup taken prior to the attack. Which security goal is the analyst primarily addressing by restoring the records from backup?

Question 7 • medium • multiple choice

A software vendor distributes critical security updates for its application through a public download website. The vendor wants to allow customers to verify that each update originated from the vendor and has not been modified in transit. Which of the following cryptographic techniques should the vendor apply to the update files before posting them for download?

Question 8 • medium • multiple choice

A financial institution is implementing a new policy for all remote access to its payment processing system. The system will generate a unique digital signature for each administrative action, and all actions will be recorded in a tamper-evident audit log that is replicated to an immutable storage location. The primary objective of this policy is to ensure that administrators who perform sensitive operations cannot later deny having executed them. Which security goal is this policy primarily intended to enforce?

Question 9 • medium • multiple choice

A security auditor is reviewing the access controls for a payroll application. The auditor discovers that a single user, the payroll manager, has permissions to both create new employee records and then approve and process salary payments for those records. The company's security policy requires that no single individual should be able to execute both the creation and the approval of a payment for the same employee. Which of the following security principles is the company's policy attempting to enforce?

Question 10 • medium • multiple choice

A security architect is designing a defense strategy for a database containing sensitive customer records. The architect implements a network firewall to restrict inbound traffic to only the application server, enforces file-level encryption for the database files, requires multi-factor authentication for all administrative access, and deploys a database activity monitoring system to alert on unusual queries. Which security principle is the architect primarily applying?

Question 11 • medium • multiple choice

A company is enhancing its network security posture. The security team deploys a system that passively monitors network traffic, analyzes packets for signs of malicious activity, and generates alerts when suspicious patterns are detected. This system does not actively block or modify any traffic. Which type of security control does this system BEST represent?

Question 12 • easy • multiple choice

A company wants one document that tells employees what they are required to do when handling company systems and data. Which document type is the best fit?

Question 13 • easy • multiple choice

After a user signs in, a file server checks whether they can edit a shared folder. Which AAA concept is being applied?

Question 14 • medium • multiple choice

A legal team must send a confidential contract to a partner so only the intended recipient can read it, and the partner also needs assurance the file really came from your company. Which approach best meets both needs?

Question 15 • easy • multi select

Which two statements describe authorization? Select two.

Question 16 • easy • multiple choice

A restricted server room opens only with a badge, and an alarm sounds if the door is left open too long. Which control type is the alarm?

Question 17 • hard • multiple choice

Based on the exhibit, what should be implemented to reduce the blast radius if a backup server is compromised later?

Exhibit

Backup job configuration:
algorithm=AES-256-GCM
key_file=/opt/backup/key.bin
rotation=disabled
same_key_for_all_sites=true
backup_media copied to an offsite vault each night

Question 18 • hard • multiple choice

Based on the exhibit, what is the best fix so role changes are reflected promptly in the application?

Token and directory data:

Exhibit

09:10  Token issued for user jdoe
      groups=[Finance_Approver, Expense_Reviewer]
      auth_time=09:10
      exp=17:10
09:15  HR updated directory: jdoe moved to Sales
11:00  The application still accepts the original token and allows expense approval
11:01  Identity provider logs show no token revocation event

Question 19 • hard • multiple choice

Based on the exhibit, which change best improves accountability while still allowing emergency access?

A finance team uses the following shared account on a jump host:

Exhibit

07:55:12  Account=FIN-ADMIN  Action=ApproveInvoice   Host=JUMP-02  IP=10.30.8.21
07:56:03  Account=FIN-ADMIN  Action=ChangeVendorBank Host=JUMP-02  IP=10.30.8.21
07:57:44  Account=FIN-ADMIN  Action=ExportReport     Host=JUMP-02  IP=10.30.8.21
Note: FIN-ADMIN is used by three finance managers during after-hours support.

Question 20 • hard • multiple choice

Based on the exhibit, which additional control is the best fit to prevent employees from copying sensitive reports to removable media?

Exhibit

Current controls on finance laptops:
- Full-disk encryption enabled
- SIEM alerting on impossible-travel logins
- Weekly security awareness reminders
- USB ports left enabled for engineering and finance teams
Incident summary:
- Two finance users copied monthly revenue files to personal flash drives after downloading them
- Internet access and email must remain available for normal work

Question 21 • easy • multiple choice

Which document tells all employees what they are allowed and not allowed to do when using company systems?

Question 22 • medium • multiple choice

The security team configures the badge system so employees must present both a badge and a PIN before entering the data center. The access logs are reviewed weekly for failed attempts. Which pair of control types best describes these measures?

Question 23 • hard • multiple choice

Based on the exhibit, what is the best governance improvement?

Exhibit

Data handling procedure:
- Managers may approve external sharing exceptions verbally.
- Staff record exceptions in email threads.
- No retention period is defined for exception evidence.

Audit note: multiple exceptions could not be traced to an approver.

Question 24 • easy • multi select

Which two practices help protect encryption keys? Select two.

Question 25 • hard • multi select

A development team signs branch-router firmware before deployment. The same code-signing private key is stored on two build servers, and a compromise of either server would let an attacker sign malicious updates that look legitimate. Which two changes best reduce the cryptographic risk while preserving the ability to sign trusted releases? Select two.

Question 26 • hard • multiple choice

Based on the exhibit, which document should be created or updated to make these settings mandatory and measurable?

Exhibit

Endpoint baseline draft:
- Full-disk encryption should be enabled on all corporate laptops.
- Screen lock should activate after 15 minutes of inactivity.
- Users should choose strong passwords.

Related documents:
Policy: Acceptable Use Policy
Standard: none
Procedure: Laptop imaging steps
Guideline: Suggested hardening tips

Question 27 • easy • multi select

Which two are common warning signs of phishing messages? Select two.

Question 28 • easy • multiple choice

A company wants to make sure only approved administrators can view and rotate a shared encryption secret used by several applications. What is the best way to manage that secret?

Question 29 • medium • multiple choice

A help desk receives an email from an employee asking to urgently reset MFA because they are traveling and locked out. The sender address matches the employee's name but uses a slightly different domain. What is the best action for the help desk agent?

Question 30 • easy • multi select

Which two are detective controls? Select two.

Question 31 • medium • multiple choice

A company suspects the master encryption key used by a cloud storage service may have been exposed. The data must remain protected if someone later obtains a copy of the old key. What is the best next step?

Question 32 • medium • multiple choice

During an incident, a server administrator needs elevated access to production logs for exactly two hours after manager approval. The organization does not want standing privileged accounts. Which solution is the best fit?

Question 33 • hard • multiple choice

Based on the exhibit, which document type should be updated to make the approval and retention requirements mandatory across the organization?

Exhibit

Current document excerpt:
- Managers may approve external file sharing by email.
- Employees should keep the approval email in their inbox.
- Help desk records exceptions if time allows.
Audit note:
- No consistent evidence of approval or exception retention was found across departments.
Management objective:
- External sharing exceptions must be approved, retained, and auditable in a consistent way.

Question 34 • hard • multiple choice

Based on the exhibit, which improvement best addresses the biggest cryptographic risk?

Exhibit

TLS inventory:
- edge-vpn01 and edge-vpn02 present the same certificate and private key
- private key file stored in a shared SMB folder
- admins copy the key manually during maintenance
- compromise of either gateway would expose the file path to the same share

Question 35 • hard • multiple choice

Based on the exhibit, what is the best fix so role changes take effect promptly without waiting for token expiration?

Exhibit

Application log excerpt:
10:20 HR updated jsmith from finance_approver to finance_viewer
10:35 invoice-approve allowed for jsmith by token claim role=finance_approver
11:05 jsmith still able to submit approval actions
JWT sample:
{
  "sub": "jsmith",
  "roles": ["finance_approver"],
  "exp": "2026-05-01T18:00:00Z"
}
Identity team note: tokens remain valid for 8 hours after sign-in.

Question 36 • easy • multi select

Which two actions are examples of accounting in AAA? Select two.

Question 37 • easy • multiple choice

Which action is the best example of accounting in AAA?

Question 38 • easy • multiple choice

A development team needs a centralized service to store, rotate, and control access to encryption keys for applications. Which solution best fits?

Question 39 • easy • multiple choice

A security team configures the SIEM to alert when a user account has several failed logins followed by a successful login from a new location. What type of control is this?

Question 40 • easy • multiple choice

A manager wants files on a stolen laptop to remain unreadable even if the drive is removed and connected to another computer. Which control should be implemented?

Question 41 • easy • multi select

Which two documents are typically mandatory and organization-wide rather than optional guidance? Select two.

Question 42 • hard • multiple choice

Based on the exhibit, which additional control best reduces the risk of tailgating at the entrance while preserving normal employee flow?

Exhibit

Lobby access review:
- 09:14:02 badge swipe accepted for employee j.tan
- 09:14:07 an unknown person entered immediately behind j.tan
- 09:14:19 CCTV shows the person had no badge visible
- 09:16:44 the person exited through the same lobby door
Current controls:
- Badge reader on main entrance
- CCTV camera facing the lobby
- Monthly security awareness reminder about badge use

Question 43 • hard • multiple choice

Based on the exhibit, which awareness control best addresses the observed failure pattern?

Exhibit

Phishing awareness summary:
- 300 users received a fake help-desk phone call
- 17 users disclosed a one-time code
- 41 users reported the call
- Most failures happened after the caller asked users to "verify" their account
Sample call script:
"Please read the code from your authenticator app so we can restore access."
Training manager note:
- Users recognize suspicious emails more often than suspicious phone calls.

Question 44 • easy • multiple choice

The help desk needs a document that describes the exact steps for verifying a caller and resetting a password. What type of document should they use?

Question 45 • easy • multiple choice

An employee receives an email that appears to be from the CEO and asks for an urgent wire transfer. The sender address is slightly different from the real company address. What is the best first action?

Question 46 • easy • multiple choice

After an employee successfully signs in to a file-sharing portal, the portal checks whether the employee can upload files to a specific project folder. Which AAA concept is being used?

Question 47 • medium • multiple choice

A payroll application allows the same user to create a vendor and approve a payment. The security team wants to reduce fraud without adding unnecessary complexity. Which principle should they apply?

Question 48 • hard • multiple choice

Based on the exhibit, which control would most effectively reduce the remaining successful attacks?

Exhibit

Phishing awareness results:
Team A: click rate 8%, report rate 6%, median report time 52 min
Team B: click rate 7%, report rate 18%, median report time 14 min
Team C: click rate 12%, report rate 21%, median report time 10 min

Incident summary: Team C had one mailbox takeover after a user approved an MFA push while traveling.

Question 49 • hard • multiple choice

Based on the exhibit, what is the best improvement to reduce the impact if one backup server is compromised?

Exhibit

backup.sh excerpt:
```
openssl enc -aes-256-cbc -in finance.tar -out finance.tar.enc -kfile /opt/backup/finance.key
chmod 600 /opt/backup/finance.key
# same key file copied to all backup servers
```
Backup administrator note:
- All sites use the same encryption key so restores are simple.
- The key file is stored on the local backup server.

Question 50 • easy • multi select

A company wants controls that rely on people and documented direction rather than technology. Which two are administrative controls? Select two.

Question 51 • easy • multiple choice

A company wants to reduce the chance that a stolen password can be used to access employee email. Which control is the best fit?

Question 52 • easy • multiple choice

An employee receives a phone call from someone claiming to be IT and asking for a one-time verification code to "fix" the employee's account. What is the best response?

Question 53 • medium • multi select

A company wants to detect unauthorized changes to production server configurations before users notice an outage. Which two controls best fit this goal? Select two.

Question 54 • medium • multiple choice

An organization is redesigning access for a finance application. Employees should be able to approve expense reports only within their assigned job roles, and every approval must be traceable to the individual user who performed it. Which access model best fits this requirement?

Question 55 • easy • multi select

Which two uses are appropriate for encryption in transit? Select two.

Question 56 • easy • multiple choice

A security manager wants to require that all company laptops use at least a 14-character password and lock after 10 minutes of inactivity. Which document should define these mandatory settings?

Question 57 • hard • multiple choice

Based on the exhibit, what additional control is the best fit?

Exhibit

Current controls on the finance share:
- SMB signing enabled
- Weekly access review
- Nightly backups to immutable storage
- Antivirus scans at 02:00

Incident: a valid VPN account was used to access 40,000 files in 8 minutes and copy them to a local drive.
Goal: detect unauthorized bulk access quickly before exfiltration completes.

Question 58 • hard • multiple choice

Based on the exhibit, what is the best change to improve accountability without removing emergency access?

Exhibit

Jump host session log:
```
10:02  sharedadmin login successful from 10.20.1.45
10:03  sudo /opt/deploy/apply_patch.sh
10:11  sudo systemctl restart appsvc
10:12  logout
```
Audit note:
- Three administrators used the same shared account this week.
- Logs do not identify which person executed which command.
- Management still wants a break-glass option for after-hours maintenance.

Question 59 • easy • multiple choice

An administrator needs to send sensitive configuration details to a remote branch office so only the branch manager can read them. Which cryptographic method is most appropriate?

Question 60 • easy • matching

Match each control type to the example that best fits it.

MFA is required before a user can open the email system.

File integrity monitoring alerts when a protected file changes.

A compromised laptop is reimaged from a standard build.

A login banner warns that activity is monitored and audited.

A procedure tells staff to report lost devices within one hour.

Extra logging is enabled while a missing patch is being scheduled.

Question 61 • hard • multi select

A legacy payroll server has a critical patch available, but the business cannot reboot it for 45 days. The team isolates the server to only the payroll application subnet and requires written approval before any temporary firewall exception is made. Which two control types are present? Select two.

Question 62 • hard • multi select

After several unauthorized edits to firewall objects caused a production outage, a security team wants one control that will flag future configuration drift and another that will automatically restore the approved baseline before the next maintenance window. Which two controls best meet that goal? Select two.

Question 63 • easy • matching

Match each control type to the most fitting example in a branch office.

Secure boot refuses to start untrusted boot code.

A log review process shows when an administrator changed a firewall rule.

A damaged endpoint is restored from a known-good image.

A camera above the server rack makes misuse less likely.

A written standard tells staff how to handle removable media.

A restricted jump box is used until direct admin access is approved again.

Question 64 • hard • multiple choice

Based on the exhibit, what change would best protect the password database against precomputed attacks and make identical passwords less obvious?

Exhibit

Password audit snapshot:
User     Stored value
alice    5baa61e4c9b93f3f0682250b6cf8331b
bob      5baa61e4c9b93f3f0682250b6cf8331b
carol    2bb80d537b1da3e38bd30361aa855686

Audit note:
Two accounts have the same stored value, and the security team wants to reduce the value of rainbow-table attacks if the database is stolen.

Question 65 • hard • multiple choice

Based on the exhibit, what control type is the file integrity monitor providing?

Exhibit

File Integrity Monitor alert:
Host: WEB-03
Path: /etc/ssh/sshd_config
Time: 02:18:44
Old SHA-256: 7f2a9c8d2b0f9c7e6a0c...
New SHA-256: 91cd1f3b84d7e2a7f44b...
Action taken: alert sent to SOC; no rollback or automatic block occurred

SOC note:
An unauthorized change was detected during the overnight review.

Question 66 • hard • multiple choice

Based on the exhibit, which security principle is the proposed access model most aligned with?

Exhibit

Current access model:
- Any laptop on the corporate VPN can reach 10.8.40.15:443.
- The VPN checks device compliance only when the tunnel is created.
- After login, the session remains valid for 12 hours.
- Users can access the finance app from any managed or unmanaged device once connected.

Security proposal:
- Reevaluate device posture before each sensitive transaction.
- Grant only application-specific access, not subnet-wide access.
- Require MFA again if device risk changes during the session.

Question 67 • hard • multiple choice

An analyst on the HR application team needs access to a production database replica only long enough to verify a column-mapping issue. The analyst should not be able to browse salary fields, export tables, or keep access after the task ends. Which principle best matches the desired access model?

Question 68 • easy • multiple choice

A security team stores employee passwords in a database. Which method best protects the passwords if the database is stolen?

Question 69 • easy • multiple choice

A user downloads a company software update and wants to verify it really came from the vendor and was not changed in transit. Which cryptographic feature should they check?

Question 70 • hard • multiple choice

To reduce fraud, a finance system requires one user to create a payment batch, a different user to approve it, and a third role to release it to the bank. An audit recommends adding a "super-user" who can perform all three steps to speed month-end close. Which principle would that recommendation most directly weaken?

Question 71 • easy • matching

Match each security principle to the best workplace example.

A help desk technician can reset passwords but cannot open payroll records.

A customer portal uses MFA, endpoint protection, and network filtering together.

The system rechecks trust before each sensitive action, even from a managed device.

One employee creates a payment batch and a different employee approves it.

An analyst sees only the case files assigned to that investigation.

Question 72 • hard • multi select

A cloud backup service uses envelope encryption. The key-encryption key is nearing the end of its approved lifetime, but the business cannot decrypt and re-encrypt every backup object this week. Which two statements best describe the correct rotation approach? Select two.

Question 73 • hard • multi select

In the finance workflow, one employee can create a payment batch but cannot approve it, and the same person also cannot view employee records that are unrelated to the task. Which two principles are being enforced? Select two.

Question 74 • hard • multiple choice

Based on the exhibit, which control type best describes the jump host requirement?

Exhibit

Legacy payroll application notes:
- Vendor confirms the admin console does not support MFA or SSO.
- Direct inbound access to TCP/8443 is blocked from user VLANs.
- Administrators must connect to jump host JH-02.
- JH-02 requires MFA, records all sessions, and forwards admin traffic to PAY-LEG-01.
- The target application itself cannot be modified before end of support.

Question 75 • hard • multiple choice

A vendor distributes a Linux package through multiple mirrors. Security wants to verify that the package really came from the vendor and was not altered after publication, even if a mirror or CDN is compromised. Which cryptographic mechanism should be checked?

Question 76 • hard • multiple choice

Based on the exhibit, which cryptographic mechanism provides proof that the update came from the vendor and was not altered?

Exhibit

Package verification steps:
1. sha256sum update.zip = 9f7c2a4b6f1d8e4c...
2. Vendor website shows the same hash
3. openssl dgst -sha256 -verify vendor_pub.pem -signature update.zip.sig update.zip
   Verified OK

Audit note:
The security team wants proof of origin, not just proof that the file content stayed the same.

Question 77 • easy • matching

Match each security control type to the best example in a small office environment.

A firewall blocks inbound remote desktop traffic from the internet.

A SIEM alert notifies analysts after multiple failed logins occur.

A clean backup is restored after malware is removed from a laptop.

A visible warning sign says the area is under video surveillance.

A policy requires users to lock their screens when stepping away.

A jump host is used temporarily until direct administration is safely allowed.

Question 78 • easy • matching

Match each cryptographic action to the most appropriate use case.

Protect the data if the laptop is stolen.

Check that the file was not changed during download.

Make identical passwords produce different hash values.

Confirm the file came from the expected sender and stayed intact.

Replace an encryption key on a planned schedule.

Question 79 • hard • multi select

A contractor is brought in to investigate a single alert on an ERP system. The contractor gets read-only access to one log source through a jump host, cannot see user payroll records, and the account expires automatically at shift end. Which two principles are being applied? Select two.

Question 80 • easy • matching

Match each access principle to the best description.

Give the user only the permissions needed to do the job.

Share only the information required for the assigned task.

Split important steps so one person cannot complete everything alone.

Verify each request instead of trusting a user just because they are internal.

Use multiple protective layers so one failure does not expose everything.

Question 81 • hard • multiple choice

A web portal for customer refunds checks device health at sign-in, then re-checks the device and user context before each refund over a threshold. A session that started on a managed laptop is blocked when the laptop later fails posture checks, even though the password remains valid. Which principle is best illustrated?

Question 82 • easy • multiple choice

A small company wants all employees to lock their screens after 10 minutes of inactivity, and the rule is included in the formal security policy. What type of control is this?

Question 83 • easy • multiple choice

A company uses an encryption key for a database backup process. The key is being replaced because the old one is near the end of its approved use period. What is this action called?

Question 84 • hard • multiple choice

A user database is stolen from a SaaS portal. Investigators discover the password column contains the same value for every user who chose "Summer2026!", and an attacker could use precomputed tables to crack weak passwords quickly. Which change best addresses both the repeated-value issue and rainbow-table risk?

Question 85 • hard • multiple choice

Based on the exhibit, which security principle is the proposed workflow most directly enforcing?

Exhibit

Firewall rule change #4219:
- Requested by: NetworkOps1
- Approved by: NetworkOps1
- Implemented by: NetworkOps1
- Audit note: the same person can create, approve, and deploy production firewall changes.
Proposed redesign:
- Engineer drafts the change.
- Security reviewer approves it.
- A different administrator implements it during a maintenance window.
- The change ticket is visible only to the people assigned to the task.

Question 86 • hard • multi select

A hybrid cloud portal first checks device health at the identity provider, then requires MFA, then enforces a per-application authorization decision before each sensitive action. Network access is also limited by a gateway, and a WAF sits in front of the app. Which two principles are best demonstrated? Select two.

Question 87 • easy • multiple choice

A company uses MFA, endpoint protection, firewalls, and network segmentation together to protect a customer portal. Which security principle does this best illustrate?

Question 88 • hard • multi select

A company stores application passwords in a database that could be stolen during a breach. The team wants to prevent attackers from using precomputed tables and also make identical passwords produce different stored values. Which two changes should be implemented? Select two.

Question 89 • easy • multiple choice

A help desk technician needs temporary access to read one shared folder to troubleshoot a printer issue. Which access choice best follows least privilege?

Question 90 • hard • multiple choice

Based on the exhibit, what control type is the automated reapplication of the baseline?

Exhibit

MDM remediation log:
Device: FIN-LT-14
Issue: Local firewall profile modified by user
Policy baseline: Company-Standard-Windows-14
Action: policy sync scheduled at next check-in
Result: approved firewall rules reapplied automatically after the device reconnected

Help desk note:
The user changed local settings to troubleshoot a personal printer and did not restore them.

Question 91 • hard • multiple choice

A records application displays a mandatory notice before login that tells employees exactly which data types they may open, when to lock their screens, and that only assigned work may be processed. The notice is meant to shape behavior before misuse occurs, but it does not technically block any action. Which control type is this notice?

Question 92 • hard • multiple choice

Based on the exhibit, which action is required to keep the backups restorable after the key-encryption key rotation?

Exhibit

Backup vault policy:
- Backup objects are encrypted with per-job data encryption keys (DEKs).
- A key-encryption key (KEK) named vault-kek-v1 wraps the DEKs.
- vault-kek-v1 will be rotated to vault-kek-v2 tonight.
- Existing backup metadata still points to DEKs wrapped by vault-kek-v1.
- Requirement: all backups from the last 18 months must remain restorable after rotation, with no mass re-encryption window.

Question 93 • easy • matching

Match each cryptographic concept to its best purpose.

Makes data unreadable to anyone who does not have the correct key.

Creates a fixed-size fingerprint to detect whether data changed.

Adds random data before hashing passwords so identical passwords look different.

Lets others verify who signed the file and that it was not altered.

Replaces an encryption key before its approved lifetime ends.

Question 94 • hard • multiple choice

Based on the exhibit, which access change best follows least privilege while still allowing the help desk to complete the task?

Exhibit

Access request:
Requester: helpdesk_27
Task: reset one user's MFA enrollment and unlock one locked account
Current access:
- Helpdesk_ReadOnly: view user details only
- Helpdesk_Admin: unlock accounts and reset MFA for assigned tickets
- Domain_Admin: full server and directory administration

Proposal:
- Add helpdesk_27 to Domain_Admin for 7 days so the ticket can be completed quickly.

Question 95 • hard • multi select

Before installing a vendor patch package on hundreds of endpoints, the security team wants to confirm the file was published by the vendor and was not altered during download. Which two verification steps should the team perform? Select two.

Question 96 • easy • matching

Match each principle to the scenario that best illustrates it.

A database account can update records but cannot approve purchases.

A contractor can view only the log source tied to the assigned ticket.

One person prepares a wire transfer and another authorizes it.

The portal checks the device and user again before each sensitive action.

The application is protected by MFA, filtering, and endpoint controls.

Question 97 • easy • multiple choice

A finance manager can view only the reports needed for monthly budgeting and cannot see payroll details. Which principle is being applied?

Question 98 • hard • multiple choice

During routine checks, configuration management finds several branch firewalls drifted from the approved baseline because a contractor changed settings locally. An automation job now compares each device nightly and automatically reapplies the approved configuration without waiting for a human ticket. Which control type is the automation?

Question 99 • hard • multiple choice

Based on the exhibit, which principle should the organization enforce to reduce fraud risk while keeping the business process functional?

Exhibit

Finance change workflow:
Step 1: Create vendor record - AP Clerk
Step 2: Enter invoice - AP Clerk
Step 3: Approve payment above $5,000 - AP Manager
Step 4: Update bank account - Treasury Admin

Finding:
The shared account finance_ops can perform all four steps, and two employees use the same credentials for convenience.

Question 100 • medium • matching

Match each scenario from a security design review to the principle it best demonstrates.

Least privilege

Need-to-know

Zero trust

Defense in depth

Availability

Question 101 • easy • matching

Match each security principle to the best description.

Preventing unauthorized disclosure of information.

Ensuring data is not altered without authorization.

Keeping systems and data accessible when needed.

Giving a user only the permissions required to do the job.

Limiting access to information that a person specifically needs for their role.

Question 102 • easy • matching

Match the security need to the best cryptographic solution.

Use a hash value.

Use symmetric encryption.

Use asymmetric encryption.

Use a digital signature.

Question 103 • medium • multiple choice

A help desk analyst can reset passwords in the ticketing portal but cannot view payroll records, edit user profiles, or access other HR functions. Which security principle is the organization applying?

Question 104 • medium • multiple choice

A legacy payroll application cannot support multifactor authentication yet, but the business still needs to reduce risk while the application is being modernized. The security team limits access to a hardened jump host, requires manager approval for access requests, and adds extra logging until the application can be upgraded. What type of control is this?

Question 105 • medium • multiple choice

A security architect proposes adding endpoint protection, network segmentation, multifactor authentication, email filtering, and immutable backups so that one failed safeguard does not expose the entire organization. What security strategy is being described?

Question 106 • hard • multiple choice

Based on the exhibit, which security principle should the team strengthen to reduce the chance that stolen credentials alone provide access to sensitive data?

Exhibit

VPN and application audit
08:04 user rpatel authenticated from home laptop
08:05 VPN tunnel established
08:06 request: GET /finance/q4-forecast.xlsx
08:06 policy: allowed because prior login within 12 hours
08:07 note: device posture not checked; no step-up MFA

Question 107 • hard • multiple choice

Based on the exhibit, what is the best conclusion about the signed document?

Exhibit

openssl verify -CAfile corp-root.pem signed-invoice.pdf
signed-invoice.pdf: OK

Signature report:
- Signer: CN=Northwind Procurement
- Issuer: CN=Corp Intermediate CA
- Timestamp: 2026-04-14 16:22 UTC
- Document digest: matches signature

Question 108 • easy • matching

Match each cryptographic primitive to its main purpose.

Producing a fixed-length value used to detect changes.

Using the same secret key to encrypt and decrypt data.

Using a public key and private key pair for encryption or decryption.

Proving who signed something and showing it was not changed.

Creating, storing, rotating, and retiring cryptographic keys safely.

Question 109 • medium • multiple choice

A branch office needs to send a confidential design document to headquarters over an untrusted network. Headquarters already has the public/private key pair available for document exchange. Which method is most appropriate to keep the file confidential during transit without first sharing a secret key?

Question 110 • medium • multiple choice

A backup server encrypts large nightly database exports before sending them to an offsite storage system. The organization has already arranged a secure way to share the secret key between the systems, and performance is a concern because the files are very large. Which encryption approach is the best fit?

Question 111 • medium • multiple choice

To discourage unauthorized entry into a records room, facilities installs a large warning sign, a visible camera over the door, and a turnstile staffed by a guard during business hours. Which control category is the warning sign intended to support most directly?

Question 112 • hard • multiple choice

Based on the exhibit, which principle is most directly being violated by the current share permissions?

Exhibit

Share review: \\filesrv\Acquisition
ACL:
- Finance Dept: Modify
- M&A Steering Team: Full Control
- Audit Group: Read
Notes:
- Only three deal leads need access to target valuation models.
- Other finance staff only need invoice-tracking files.
- Valuation models are stored in the same folder as general deal documents.

Question 113 • hard • multiple choice

Based on the exhibit, which key management improvement best preserves recoverability if the primary backup server is lost?

Exhibit

Backup job design
- Generate a random AES key to encrypt 8 TB of archive data
- Encrypt the AES key with the backup server’s public key
- Store the encrypted AES key alongside the archive
- Secondary site must restore the data if the primary backup server is unavailable
- Current design stores the corresponding private key only on the primary server

Question 114 • medium • multiple choice

A security team downloads a software update package signed by the vendor. The team verifies the signature using the vendor's public key before approving deployment. What does this verification primarily confirm?

Question 115 • hard • multiple choice

Based on the exhibit, what best describes the additional measures applied to the legacy system?

Exhibit

Legacy system constraints
- Controller cannot support MFA
- Controller cannot support modern encryption
- Replacement will not occur for 9 months
Compensating measures implemented
- Dedicated management VLAN
- Firewall ACLs limiting source IPs
- Jump host with session recording
- Daily configuration backups

Question 116 • medium • multiple choice

A system administrator downloads a vendor patch package and a separate checksum file. After the download completes, the administrator runs a command that produces a SHA-256 value for the package and compares it to the vendor's published value. Which cryptographic primitive is being used for the comparison?

Question 117 • medium • multiple choice

After a successful phishing attempt, the security team adds MFA, email sandboxing, endpoint isolation, and immutable backups so that one failed safeguard does not expose the company. Which principle does this best illustrate?

Question 118 • medium • multiple choice

A legal department sends a confidential contract to an outside partner without first exchanging a shared secret. The sender encrypts the document with the partner's public key so that only the partner can decrypt it with the matching private key. Which cryptographic approach is being used?

Question 119 • medium • multiple choice

A cloud support team is changing the way employees access an internal finance portal. Instead of trusting the user's initial login for the rest of the session, the portal now checks identity, device posture, and request context again before allowing access to payroll data or download actions. Which security concept is being implemented?

Question 120 • medium • multiple choice

A legacy reporting application cannot be modified this quarter, but users still need access from the corporate network. Security adds a hardened jump server, tighter monitoring, and manual approval for each session because MFA cannot be built into the app yet. What type of control is this?

Question 121 • medium • multiple choice

A systems administrator downloads a patch and a SHA-256 checksum file from the vendor. The administrator hashes the patch locally and the values match. What does the matching hash primarily confirm?

Question 122 • medium • multiple choice

A contractor is assigned to a single merger project. The manager approves access to only the project share and the project chat space, even though the contractor technically could use other collaboration tools. Which principle is most directly reflected?

Question 123 • easy • matching

Match each control category to the best example.

A firewall blocks unauthorized inbound traffic.

A written policy requires manager approval before access is granted.

A badge reader controls entry to a server room.

A SIEM alert notifies the SOC about a failed login pattern.

Restoring a system from a known-good backup after a failure.

Question 124 • medium • multiple choice

A legal department needs a contract file that can later prove who signed it and whether the content changed after signing. Which cryptographic mechanism should be used?

Question 125 • hard • multiple choice

Based on the exhibit, what should the administrator do next?

Exhibit

C:\Downloads> certutil -hashfile CU-2026-02.msu SHA256
SHA256 hash of CU-2026-02.msu:
9f2c3a1b8d4e0f77c0d2e6b5f0a4b1c8d9e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6
Vendor portal published hash:
9f2c3a1b8d4e0f77c0d2e6b5f0a4b1c8d9e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7

Question 126 • easy • matching

Match each control type to the best description.

Stops a threat before it succeeds.

Identifies an event after or while it is happening.

Fixes a problem after it has occurred.

Discourages an attacker from trying.

Provides an alternate safeguard when the preferred control is not possible.

Question 127 • medium • multiple choice

A help desk lead notices that several support technicians have broad administrator access across every department's systems so they can resolve tickets faster. After a phishing incident, management wants to reduce the damage if one technician account is compromised. What is the best security principle to apply when redesigning access?

Question 128 • easy • matching

Match each PKI term to what it does.

Issues and signs digital certificates.

Binds an identity to a public key.

Can be shared with others to encrypt data or verify signatures.

Must be kept secret and is used to decrypt or sign.

Removes trust from a certificate that should no longer be used.

Question 129 • hard • multiple choice

Based on the exhibit, which security principle does the organization appear to be using most clearly?

Exhibit

Security event summary
- Malicious attachment passed the email filter
- Macro execution was blocked by application control
- Process launch was contained by EDR
- Stolen password alone could not reach the admin portal because MFA was required
- Offline backups were used for recovery testing after the incident

Question 130 • easy • matching

Match each principle to the workplace scenario.

A user must be verified each time they request access, even from inside the network.

The organization uses layered controls such as MFA, filtering, and endpoint protection.

A contractor can view only the project files required for assigned tasks.

A support technician receives only the minimum permissions needed to close tickets.

A website stays online after one server fails because another takes over.

Question 131 • medium • multiple choice

A finance application stores approval records for wire transfers. Auditors need to prove which employee approved each transfer, and employees must not be able to deny their approval later. Which security objective is best addressed by binding each approval to an individual identity and preserving immutable logs?

Question 132 • medium • multiple choice

After an internal PKI was rebuilt, users now see certificate warnings when connecting to the company intranet portal. The portal certificate chains to a new CA, but endpoint trust stores do not recognize it yet. What should the administrator deploy?

Question 133 • easy • multiple choice

A company requires MFA, endpoint protection, and network filtering so that if one control misses a threat, another control still helps stop it. Which security principle is this?

Question 134 • medium • multiple choice

Your company is syncing design files to a cloud object store. The security team wants to reduce risk if the storage account is stolen and also protect the files while they travel across the internet. Which approach is the best fit?

Question 135 • medium • multiple choice

An operations manager is worried a single network administrator could quietly push an unauthorized firewall rule. The manager wants every rule change reviewed by a second person and documented before implementation. Which control best addresses this concern?

Question 136 • hard • multi select

A baseline review found that standard developer accounts are local administrators, unsigned tools can run from user profile folders, and reimaged systems still end up with unauthorized persistence. Which two changes best improve hardening while preserving developer work? Select two.

Exhibit

Workstation baseline:
- Standard users are local admins
- Executables and scripts run from user-writable paths
- Unauthorized persistence reappears after reimaging
- Developers need to install approved tools, but not arbitrary software

Question 137 • easy • multiple choice

A sales manager's laptop is often taken home and may contain customer pricing spreadsheets and contract drafts. Which control best protects the files if the laptop is stolen?

Question 138 • hard • multi select

A finance app uses the corporate IdP for authentication. A user who moved out of finance can still approve invoices until the browser session expires, and the app caches local roles. Which two changes best make access changes take effect faster without storing app passwords? Select two.

Exhibit

Current behavior:
- Users sign in once through SSO
- App caches role assignments locally for the browser session
- Role changes are only noticed after logout
- No app-specific passwords are stored

Question 139 • easy • multiple choice

A company launches a new HTTPS portal. Users should be able to confirm the site is really the company's portal and not a fake copy. Which control provides that trust?

Question 140 • medium • multiple choice

An HR department hires contractors for fixed 60-day engagements. Accounts should stop working automatically when the engagement ends, and any rehire should require fresh approval rather than restoring old access. What IAM control is the best fit?

Question 141 • medium • multiple choice

Employees authenticate once to a corporate portal and then open the help desk, payroll, and documentation apps without logging in again. The apps rely on tokens from the company's identity provider instead of storing separate passwords. What is being implemented?

Question 142 • medium • multiple choice

A sysadmin is preparing a dedicated database server for production. The server will not host web services, print services, or file sharing. Which action best follows least privilege and secure defaults?

Question 143 • hard • multi select

A developer installed an unknown root CA on a laptop. The browser now accepts a proxy certificate for intranet.apps.example without warnings. Which two controls most directly reduce the chance that this endpoint trusts a malicious interception certificate? Select two.

Exhibit

Endpoint findings:
- Local root certificate store was modified
- Browser trusts a new enterprise-looking root CA
- TLS warnings no longer appear for the internal portal
- The user has local administrator rights

Question 144 • easy • multiple choice

A finance application records each approval with the manager's unique user ID and a digital signature. Auditors want proof that the manager cannot later deny approving the transaction. Which security objective is most directly being addressed?

Question 145 • hard • multi select

A web server should accept traffic only from a load balancer and a management jump host. The current host firewall allows all inbound ports, and the web service runs as a domain administrator. Which two changes most improve hardening without breaking the required access pattern? Select two.

Exhibit

Server review:
- Inbound firewall policy: allow any source to any port
- Web service account: domain admin
- Required flows: load balancer to web service, jump host to admin port
- No other inbound access should be permitted

Question 146 • hard • multi select

A microservices team stores service private keys inside container images and renews certificates manually once a year. Security wants to reduce damage if a node is compromised and keep certificate trust manageable at scale. Which two changes are the best fit? Select two.

Exhibit

Deployment notes:
- service.key is copied into the image layer
- the same key is reused across several nodes
- certificate renewal is manual and yearly
- services authenticate to each other with TLS

Question 147 • medium • multiple choice

After imaging laptops, the security team wants to ensure screen-lock timeouts, local admin restrictions, and USB storage controls remain consistent on every device even after users make changes. What is the best approach?

Question 148 • hard • multi select

A network team wants no single person to both approve and deploy a production firewall rule, and they also want the approval path to be defensible during an investigation. Which two control concepts best address the stated risk? Select two.

Exhibit

Change request excerpt:
- One engineer can submit a firewall rule and approve it alone
- Security requires a second person review for production changes
- The team wants a clear record of who approved and deployed the change

Question 149 (hard, multi select)

After employees transfer departments, they keep access to old SaaS applications because app-specific accounts are removed only after a manual cleanup ticket. Which two changes best close the lifecycle gap? Select two.

Exhibit

IAM review notes:
- HR updates job changes in the HR system
- SaaS apps maintain separate local accounts
- Deprovisioning is manual and often delayed
- Users keep permissions from their previous role

Question 150 (hard, multi select)

An internal audit found that a procurement team uses the shared account procure-approve to approve emergency purchases. The log only shows the shared account name, and managers say they cannot prove which person approved each request. Which two changes best improve accountability and nonrepudiation? Select two.

Exhibit

Audit summary:
- Approval account: procure-approve
- 12 employees know the password
- Audit trail records only the shared account name
- No digital signature or tamper-evident log is present

Question 151 (medium, multiple choice)

Based on the exhibit, what is the primary security concern with the current access assignments, and what concept is being violated?

Exhibit

Access review summary

User: Alicia M.
Assigned roles:
- Payroll Administrator
- Finance Approver

Effective permissions:
- Modify payroll records
- Approve payroll release
- Export payment file

Control note:
- No secondary approval is required when Alicia approves her own prepared payroll batch.

Question 152 (medium, multiple choice)

Based on the exhibit, which change best reduces the risk of lateral movement if a user workstation is compromised?

Exhibit

Simplified network view

Internet
  |
Perimeter firewall
  |
User VLAN 10 ---------------------------------
|  Workstations                              |
|  File shares                               |
|  Domain services                           |
|  SSH allowed from User VLAN to all servers |
----------------------------------------------

Current rule set:
- TCP 22 from any device in VLAN 10 to internal Linux servers
- TCP 3389 from any device in VLAN 10 to Windows servers
- No dedicated admin network
- No bastion host

Question 153 (medium, multiple choice)

Based on the exhibit, which change would most improve the security of the stored password data?

Exhibit

Database sample

users.password_hash
--------------------------------
alex   5f4dcc3b5aa765d61d8327deb882cf99
mira   202cb962ac59075b964b07152d234b70
sam    098f6bcd4621d373cade4e832627b4f6

Developer note:
- Passwords are hashed before storage
- The application does not currently store any salt values

Question 154 (medium, multiple choice)

Based on the exhibit, which access model best fits the business requirement without creating many custom roles?

Exhibit

File access requirement

Rules:
- Users may open documents only if Department matches the file owner department
- Contractors may access only files tagged Project=Orion and Clearance=Internal
- Managers may access files for employees in their own business unit
- Access decisions must consider user attributes and file tags at request time

Question 155 (medium, multiple choice)

Based on the exhibit, which authentication method best meets the stated remote-admin requirement?

Exhibit

Remote Access Security Requirement

Must have all of the following:
- Phishing-resistant second factor
- Works without relying on SMS or email delivery
- Suitable for privileged administrator logons

Available methods under review:
1. SMS one-time code
2. Email one-time link
3. Authenticator app TOTP code
4. FIDO2 hardware security key

Question 156 (medium, multiple choice)

Based on the exhibit, users report that the new payment portal opens only after they bypass a browser warning. Which remediation best restores secure access without weakening certificate validation?

Exhibit

$ openssl s_client -connect pay.example.net:443 -servername pay.example.net
CONNECTED(00000003)
depth=0 CN = portal.example.net
verify error:num=62:hostname mismatch
verify return:1
---
Certificate chain
 0 s:CN = portal.example.net
   i:CN = Example Issuing CA
   a:PKEY: rsaEncryption, 2048 (bit)
   Not After : May 10 2026
---

Question 157 (medium, multi select)

Which three of the following are core principles of the CIA triad in information security? (Choose three.)

Question 158 (medium, multi select)

Which three of the following are examples of defense-in-depth security controls? (Choose three.)

Question 159 (medium, multi select)

Which three of the following are characteristics of the principle of least privilege? (Choose three.)

Question 160 (medium, multi select)

Which three of the following are commonly used to enforce separation of duties? (Choose three.)

Question 161 (medium, multi select)

A security architect is designing a defense-in-depth strategy for a corporate network. Which of the following are fundamental principles or concepts that should be incorporated into this strategy? (Choose four.)

Question 162 (medium, multi select)

An organization is updating its security policies to align with modern threats and compliance requirements. Which of the following are key security concepts that should be explicitly addressed in these updated policies? (Choose four.)

Question 163 (medium, drag order)

Drag and drop the steps to configure a static route on a Cisco IOS router into the correct order.

Question 164 (medium, drag order)

Drag and drop the steps for a typical digital forensics investigation process in the correct order.
