SY0-701 · topic practice

Social Engineering practice questions

Practise Security+ SY0-701 Social Engineering practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Social Engineering

What the exam tests

What to know about Social Engineering

Social Engineering questions test whether you can apply the concept in context, not just recognise a definition. The questions cover:

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Social Engineering exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Social Engineering questions

20 questions · select your answer, then reveal the explanation

Question 1

An employee receives an email that appears to be from the CEO and asks for gift cards before a meeting. What should the employee do first?

Question 2

A security analyst is reviewing the organization’s security awareness program. Which three of the following are key metrics that demonstrate the effectiveness of the program? (Choose three.)

Question 3

A help desk receives an email from an employee asking to urgently reset MFA because they are traveling and locked out. The sender address matches the employee's name but uses a slightly different domain. What is the best action for the help desk agent?

Question 4

A help desk technician receives a call from someone claiming to be a contractor whose MFA device was lost during travel. The caller knows the company org chart and asks for a new device enrollment. Which three responses are appropriate? Select three.

Question 5

A help desk technician receives a phone call from someone who claims to be the CFO. The caller says they are traveling, cannot access their MFA app, and needs the technician to reset the account immediately. They also ask the technician to read back the one-time code sent to the executive's phone so they can "verify identity." What type of attack is this most likely?

Question 6

A help desk technician receives a phone call from someone claiming to be the VP of Finance. The caller says they are in an airport, forgot their phone, and need a password reset immediately. They also ask the technician to skip callback verification because a meeting starts in five minutes. Which two details are the strongest indicators of a pretexting or vishing attempt? Select two.

Question 7

A help desk technician receives an email that appears to come from the payroll provider. The message says the employee's direct deposit will be suspended unless they verify their account through a link. What type of attack is this?

Question 8

A caller says they are from the help desk and need the employee's MFA code to "complete a password reset". Which social engineering technique is being used?

Question 9

A help desk technician receives a phone call from someone who claims to be the CFO. The caller knows the executive team structure, says they are traveling, and insists the technician reset MFA to 'avoid delaying a wire transfer.' Which social engineering technique is the caller primarily using?

Question 10 · medium · multiple choice

A security analyst is reviewing logs after a successful phishing attack. The attacker used a fake login page that mimicked the company's single sign-on portal to harvest usernames and passwords. The attacker then used the stolen credentials to access the corporate email system. Which type of attack best describes the initial compromise?

Question 11 · medium · multiple choice

A security analyst receives a phone call from an individual claiming to be a member of the IT help desk. The caller states that an emergency security update requires the analyst's password immediately, and the request sounds urgent. The analyst notices the caller's voice is unfamiliar and the background noise is inconsistent with an office environment. Which type of social engineering attack is being attempted?

Question 12 · hard · multiple choice

An accounts payable clerk receives an email that appears to continue an existing thread with a shipping vendor. The sender name, signature block, and invoice number all match a real open order, and the message asks the clerk to use a "new payment portal" and confirm bank details before 3 PM to avoid delayed shipment. The email contains no attachments and only one URL. Which attack type is most likely?

Question 13

An employee receives an email from someone claiming to be from IT. The message says the employee must read back a one-time verification code so their mailbox can be 'repaired.' What social engineering technique is being used?

Question 14

Based on the exhibit, what is the BEST response by the employee?

The message appears to come from a trusted internal support team, but the sender details and request do not align with normal procedures.

Exhibit

Email header and body excerpt:
From: "IT Helpdesk" <help@corp-support.example>
Reply-To: support@mail-secure-login.com
Subject: URGENT: MFA re-sync required

Body:
"Your mailbox will be suspended in 15 minutes. To complete the repair, reply with the 6-digit code that was just sent to your phone. If you do not respond now, your account will be locked."
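
The triage this exhibit asks for can be written down as a check, which is useful both for revision and as the kind of rule a mail gateway or help desk queue could apply. The following is an added example and not code from the original practice page. It parses the exhibit with Python's standard email library and flags the indicators an employee should notice: the Reply-To domain differs from the From domain, neither domain belongs to the organisation, the body asks the recipient to hand over a one-time code, and a deadline is imposed. The trusted-domain list, the phrase patterns and the action labels are assumptions made for the example; the exhibit message is reconstructed from the text above and the benign comparison message is constructed. It does not check SPF, DKIM or DMARC, which a real gateway would do before any of this.

```python
"""Header and body triage for the help-desk phishing exhibit (added example)."""
import re
from email import policy
from email.parser import Parser
from email.utils import parseaddr

# Assumption: the organisation's own mail domains. The exhibit's From address
# uses corp-support.example, which is deliberately not in this list.
TRUSTED_DOMAINS = {"corp.example"}

# Assumption: phrase patterns for the two strongest indicators in the exhibit,
# a request to hand over an authentication code and an artificial deadline.
OTP_REQUEST = re.compile(
    r"\b(reply|send|read back|provide|enter)\b.{0,40}?\b(\d[- ]?digit\s+)?(code|passcode|otp)\b",
    re.IGNORECASE | re.DOTALL)
DEADLINE = re.compile(
    r"\b(within|in)\s+\d+\s+(minutes?|hours?)\b|\b(immediately|urgent(ly)?|right now)\b",
    re.IGNORECASE)

# Constructed from the exhibit on this page.
EXHIBIT = """\
From: "IT Helpdesk" <help@corp-support.example>
Reply-To: support@mail-secure-login.com
Subject: URGENT: MFA re-sync required

Your mailbox will be suspended in 15 minutes. To complete the repair, reply with the 6-digit code that was just sent to your phone. If you do not respond now, your account will be locked.
"""

# Constructed benign message for comparison: internal sender, no Reply-To, no pressure.
BENIGN = """\
From: "IT Helpdesk" <help@corp.example>
Subject: Scheduled maintenance this weekend

Email will be unavailable on Saturday from 02:00 to 04:00. No action is required.
"""


def domain_of(header_value) -> str:
    """Lower-case domain of the first address in a header, '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def recommended_action(findings: dict) -> str:
    """Map the indicators to a response; the labels are assumptions for the example."""
    if findings["asks_for_otp"] or findings["reply_to_mismatch"] or findings["external_reply_to"]:
        # Never share the code and never reply; report through the official channel.
        return "do_not_reply_report"
    if findings["deadline_pressure"] or findings["external_sender"]:
        # Confirm with IT using a known-good number or ticket system, not the message.
        return "verify_out_of_band"
    return "no_indicators"


def analyze_message(raw: str) -> dict:
    """Parse a raw RFC 5322 message and report which indicators it triggers."""
    msg = Parser(policy=policy.default).parsestr(raw)
    from_domain = domain_of(msg["From"])
    # A missing Reply-To means replies go back to the From address.
    reply_domain = domain_of(msg["Reply-To"]) or from_domain
    body = msg.get_content() if not msg.is_multipart() else ""
    text = f"{msg['Subject'] or ''}\n{body}"
    findings = {
        "reply_to_mismatch": reply_domain != from_domain,
        "external_sender": from_domain not in TRUSTED_DOMAINS,
        "external_reply_to": reply_domain not in TRUSTED_DOMAINS,
        "asks_for_otp": bool(OTP_REQUEST.search(text)),
        "deadline_pressure": bool(DEADLINE.search(text)),
    }
    return {
        "from_domain": from_domain,
        "reply_to_domain": reply_domain,
        "findings": findings,
        "action": recommended_action(findings),
    }


if __name__ == "__main__":
    for name, raw in (("exhibit", EXHIBIT), ("benign", BENIGN)):
        result = analyze_message(raw)
        flagged = [k for k, v in result["findings"].items() if v]
        print(f"{name}: {result['action']} ({', '.join(flagged) or 'none'})")
```

The Reply-To mismatch is the header-level tell: the From address is dressed up to look internal, but any reply with the code goes to mail-secure-login.com. The body-level tells, a request for the one-time code and a 15-minute deadline, are what the awareness questions on this page keep returning to, so the check treats either of them as enough to report rather than reply.
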

Question 15 · medium · multiple choice

Based on the exhibit, which awareness action should the security manager prioritize next?

Exhibit

Phishing simulation results from the last 30 days:
- Executives: 24% clicked, 0% reported
- Customer Support: 19% clicked, 1% reported
- Finance: 11% clicked, 3% reported
- IT: 6% clicked, 8% reported

Program note:
- The organization wants to reduce user clicks and improve reporting of suspicious messages.

Question 16 · hard · multiple choice

Based on the exhibit, which awareness control best addresses the observed failure pattern?

Exhibit

Phishing awareness summary:
- 300 users received a fake help-desk phone call
- 17 users disclosed a one-time code
- 41 users reported the call
- Most failures happened after the caller asked users to "verify" their account
Sample call script:
"Please read the code from your authenticator app so we can restore access."
Training manager note:
- Users recognize suspicious emails more often than suspicious phone calls.

Question 17 · medium · multiple choice

Finance staff receive an email from the 'CFO' using a lookalike domain. The message requests an urgent gift-card purchase, says the recipient must keep it confidential, and pressures them to skip normal approval steps. What attack is this most likely?
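
The 'lookalike domain' in this question, and the 'slightly different domain' in the help-desk MFA-reset question earlier on the page, is something a mail gateway or a help-desk checklist can test for mechanically rather than by eye. The block below is an added example, not code from the original page. It classifies a sender domain against an assumed list of trusted domains and catches three patterns: the trusted name reused inside a different registration (corp-example.test, corp.example.evil.test, and the corp-support.example address from the earlier exhibit), digit and letter-pair homoglyphs (c0rp.example, corp.exarnple), and typosquats within a small edit distance (corp.exampel). The trusted domains, the homoglyph table, the edit threshold and the sample addresses are assumptions; a production check would also consult the public suffix list, which this example does not.

```python
"""Lookalike-domain classifier for sender addresses (added example)."""
import re

# Assumption: the organisation's own registrable domains.
TRUSTED_DOMAINS = ("corp.example",)

# Assumption: a small table of characters attackers swap for visually similar
# ones. Single characters first, then letter pairs that read as one glyph.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
PAIRS = (("rn", "m"), ("vv", "w"))
MAX_EDITS = 2  # assumption: typosquat threshold on the normalised domain


def normalize(domain: str) -> str:
    """Fold common homoglyphs so c0rp.exarnple compares equal to corp.example."""
    s = domain.lower().translate(HOMOGLYPHS)
    for pair, single in PAIRS:
        s = s.replace(pair, single)
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a sender domain."""
    d = domain.lower().strip().rstrip(".")
    for t in trusted:
        # Exact match or a genuine subdomain of a domain the organisation controls.
        if d == t.lower() or d.endswith("." + t.lower()):
            return "trusted"
    tokens = set(re.split(r"[.-]", d))
    for t in trusted:
        t = t.lower()
        # 1. Every label of the trusted name reused inside another registration:
        #    corp-example.test, corp.example.evil.test, corp-support.example.
        if set(re.split(r"[.-]", t)) <= tokens:
            return "lookalike"
        # 2. Homoglyph substitution (distance 0 after normalising) or a typosquat
        #    within MAX_EDITS: c0rp.example, corp.exarnple, corp.exampel.
        if levenshtein(normalize(d), normalize(t)) <= MAX_EDITS:
            return "lookalike"
    return "unrelated"


def check_sender(address: str) -> str:
    """Classify the domain part of an email address."""
    return classify_domain(address.rpartition("@")[2])


if __name__ == "__main__":
    # Constructed sample addresses, including the From domain from the earlier exhibit.
    for addr in ("help@corp.example", "help@mail.corp.example",
                 "help@c0rp.example", "help@corp.exarnple", "help@corp.exampel",
                 "help@corp-support.example", "help@corp.example.evil.test",
                 "support@mail-secure-login.com", "info@example.com"):
        print(f"{addr:32} {check_sender(addr)}")
```

The token check is the one that matters most for the scenarios on this page: an attacker does not need a near-identical spelling if they can register corp-example.test or put corp.example in front of their own domain, and both of those pass a glance at the display name. Treat 'lookalike' as a reason to stop and verify the request through a known channel, which is what the questions here are asking for.
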

Question 18 · medium · multiple choice

A procurement clerk receives a text message from someone claiming to be a supplier account manager. The message says a recent payment failed and asks the clerk to update bank details through a link to a secure portal. What should the clerk do first?

Question 19

An employee receives a phone call from someone claiming to be IT and asking for a one-time verification code to "fix" the employee's account. What is the best response?

Question 20

An employee receives a text message that says, "Your MFA enrollment expired. Tap here now to re-activate access or your account will be locked." What should the employee do first?


Focused Social Engineering sessions

Start a Social Engineering only practice session

Every question in these sessions is drawn from the Social Engineering domain — nothing else.


Frequently asked questions

What does the SY0-701 exam test about Social Engineering?
Social Engineering questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Social Engineering questions in a focused session?
Yes — the session launcher on this page draws every question from the Social Engineering domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other SY0-701 topics?
Use the topic links above to move to related areas, or go back to the SY0-701 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SY0-701 exam covers. They are not copied from any real exam or dump site.