CompTIA exam questions

SY0-701 Security+ SY0-701 practice test

Use this page to practise with the Security+ SY0-701 practice test. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.

Practice questions: 1,112
Topics covered: Mapped
Exam code: SY0-701
Vendor: CompTIA

Practice set

Security+ SY0-701 questions

Question 1 (easy, multiple choice)

A laptop is suspected of being used in a malware incident. It is still powered on and connected to Wi-Fi. What should the responder do before shutting it down?

Question 2 (medium, multiple choice)

An employee reports a ransomware note on a file server. The server is still powered on, shares are still being accessed, and management wants service restored as quickly as possible. What should the incident response team do first?

Question 3 (medium, multiple choice)

An employee reports a ransomware note on a finance laptop. The laptop is still powered on, connected to Wi-Fi, and the user says they were just working in a spreadsheet. Management wants the fastest safe response that also preserves evidence. What should the responder do first?

Question 4 (medium, multiple choice)

You are handed a company laptop suspected in an insider theft case. Legal says the evidence may be needed in court. Which action best preserves admissibility?

Question 5 (easy, multi select)

A developer wants to reduce the risk of SQL injection in a new customer search form. Which two changes are the best mitigations? Select two.

Question 6 (medium, multiple choice)

A branch office uses a flat LAN, and a compromise on one user workstation could spread quickly to finance systems. Management wants finance workstations isolated from general users, but finance staff still need access to a central finance application and network printer. What is the best design change?

Question 7 (easy, multiple choice)

A business wants to keep operating even if a supplier-related loss occurs, so it purchases cyber insurance to offset possible costs. Which risk treatment is being used?

Question 8 (medium, multiple choice)

A caller claims to be from the company's SaaS provider and says a tenant migration will fail unless the help desk reads back a one-time verification code sent to an administrator's phone. The caller knows the admin's name and ticket number. What attack technique is being used?

Question 9 (easy, multiple choice)

A branch office loses power briefly several times each month. Which control best helps keep network equipment running long enough for an orderly shutdown?

Question 10 (medium, multiple choice)

A business owner asks the security team to compare the cost of two controls for a legacy application in dollar terms. The team estimates the annual chance of a breach, the potential loss per event, and the expected yearly loss after each control is applied. Which risk analysis approach is being used?

Question 11 (medium, multiple choice)

A billing application has an RTO of 2 hours and an RPO of 30 minutes. The current recovery method requires rebuilding the VM from scratch and then restoring last night's backup, which takes over six hours. Which solution best meets the stated recovery objectives?

Question 12 (medium, multiple choice)

A cloud-hosted application allows users to submit a URL for image processing. Logs show repeated requests such as `http://169.254.169.254/latest/meta-data/` and `http://localhost/admin`. The server is making outbound requests on behalf of the user input. What is the best defensive control to implement?

Question 13 (medium, multiple choice)

A branch office's network closet has repeated unauthorized access issues after staff badge in and hold the door for others. Management wants a control that allows one person through after valid badge use and helps prevent tailgating. Which control is best?

Question 14 (medium, multiple choice)

A cloud support team is changing the way employees access an internal finance portal. Instead of trusting the user's initial login for the rest of the session, the portal now checks identity, device posture, and request context again before allowing access to payroll data or download actions. Which security concept is being implemented?

Question 15 (easy, multiple choice)

A company is placing its public web server so internet users can reach it, but the database server must stay hidden from the internet and be reachable only by the web server. Which design best supports this goal?

Question 16 (medium, multi select)

A company-owned laptop is suspected in an insider theft case and legal says the evidence may be used in court. Which two actions best support evidence admissibility during transport to the evidence locker? Select two.

Question 17 (easy, multi select)

A customer portal must stay online if one application server fails. Which two design choices improve availability? Select two.

Question 18 (medium, multi select)

A help desk manager is hardening a fleet of Windows laptops. The goal is to prevent booting from untrusted external media and to ensure only approved software can run on the devices. Which two controls best address those goals? Select two.

Question 19 (hard, multi select)

A contractor signs in to a project portal that integrates several SaaS apps. Access should be granted only while the user is on a managed device, assigned to the project, and using a fresh second factor. The business also wants the contractor to avoid separate logins to each app. Which three controls best fit this design? Select three.

Question 20 (hard, multi select)

A developer requests a 45-day exception to use an unsupported browser plug-in on two engineering workstations so a legacy design tool can finish a customer deliverable. Which three conditions should be required before approving the exception? Select three.

Question 21 (medium, multi select)

A finance workstation is suspected of running malware. It is still powered on, the user is logged in, and the network cable is connected. Which two actions best preserve volatile evidence before shutdown? Select two.

Question 22 (medium, multiple choice)

A CFO at a mid-sized company receives an urgent email that appears to come from the CEO's email address, requesting an immediate wire transfer of $50,000 to a new vendor for a time-sensitive project. The email address displayed is 'ceo@cornpany.com' instead of the legitimate 'ceo@company.com'. The CFO follows the instruction and initiates the transfer. Later, the real CEO denies sending such a request. Which of the following security controls would have been MOST effective in preventing this type of attack from succeeding?

Question 23 (easy, multi select)

A company is building a public web app with three tiers. Internet users should reach only the web tier, and the app tier should never be reachable from the internet. Which two network design choices support this goal? Select two.

Question 24 (hard, multi select)

A company distributes update packages through a web portal. Users must verify the portal's identity over the network, and the downloaded packages must be trusted even if the web server is later compromised. Which two controls best satisfy these goals? Select two.

Exam question guide

How to use these SY0-701 questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Cloud concepts questions usually test the service model (IaaS/PaaS/SaaS) and deployment model (public/private/hybrid/community) appropriate for a given scenario.

IaaS, PaaS and SaaS responsibilities and examples.

Public, private, hybrid and community cloud deployment models.

On-premises vs cloud trade-offs: cost, control, scalability.

How cloud connectivity options (VPN, Direct Connect, ExpressRoute) work.
