CompTIA Security+ Practice Exam 2025: Latest Questions
Test your readiness for the CompTIA Security+ certification with our 2025 practice exam. Featuring 25 questions based on the latest exam objectives, this practice exam simulates the real exam experience.
Why Take This 2025 Exam?
Prepare with questions aligned to the latest exam objectives
2025 Updated: Questions based on the latest exam objectives and content
25 Questions: A focused practice exam to test your readiness
Mixed Difficulty: Questions range from easy to advanced levels
Exam Simulation: Experience questions similar to the real exam
Practice Questions
25 practice questions for CompTIA Security+
A security analyst wants to reduce the impact of credential theft by ensuring users must provide two different types of evidence during sign-in. Which of the following best describes this control?
A company is concerned about an employee plugging an unauthorized USB device into a workstation and exfiltrating data. Which of the following is the BEST preventive control to implement on endpoints?
A user reports receiving an email that appears to be from the CFO asking for an urgent wire transfer and includes a link to "verify banking details." Which of the following threats is MOST likely being attempted?
A security administrator needs to ensure that only the minimum required permissions are granted to employees to perform their job functions. Which principle should the administrator apply?
A company is moving a customer-facing web application to the cloud. The security team wants to reduce the likelihood of a web server being used to reach internal database servers. Which design is MOST appropriate?
During incident response, an analyst suspects a host is beaconing to a command-and-control (C2) server. Which action is BEST to take FIRST to support containment while preserving evidence?
A security team wants to validate that backups can be restored and that the disaster recovery plan works as documented, without impacting production systems. Which exercise type BEST meets this requirement?
A SOC is overwhelmed by alerts and wants to reduce noise by automatically closing known-benign detections while escalating high-confidence alerts with context (asset criticality, user identity, and recent related events). Which solution BEST supports this objective?
A company must allow a third-party vendor to manage a specific set of cloud resources. The vendor should have only the permissions necessary and access should be time-bound and fully auditable. Which approach BEST meets these requirements?
An organization uses a CI/CD pipeline to deploy containerized applications. The security team wants to prevent secrets (API keys, tokens) from being embedded in container images and ensure services can retrieve secrets securely at runtime. Which solution is BEST?
A security analyst is comparing encryption options. Which of the following BEST describes a key benefit of using asymmetric encryption in a secure communication setup?
A company wants to ensure that if an attacker steals a database backup, the attacker cannot read the data without access to a separate key management system. Which of the following BEST meets this requirement?
A user receives an email appearing to be from the CFO requesting an urgent wire transfer. The message uses a convincing display name but the sending address is slightly altered. Which type of attack is this MOST likely?
A cloud security engineer needs to reduce the attack surface of a public API by preventing injection attacks and enforcing common HTTP protections. Which solution should be implemented FIRST in front of the API?
A security team is configuring email protections and wants receiving mail servers to reject messages that fail alignment checks for the organization’s domain. Which of the following should the team implement?
An analyst is investigating a suspected compromised workstation. The workstation’s EDR alerts show PowerShell spawning from a Microsoft Office process and immediately reaching out to a newly registered domain. Which action should the analyst take NEXT to minimize impact while preserving evidence?
A company is rolling out a data classification program. Which of the following should be defined FIRST to ensure consistent handling requirements across departments?
After a third-party breach, a company wants stronger assurance that its vendors follow security best practices without performing on-site audits for every vendor. Which of the following provides the BEST standardized evidence for vendor security posture during procurement?
A company is designing a highly regulated environment and must ensure administrators cannot access production customer data while still being able to maintain systems. Which approach BEST satisfies this requirement?
During an incident, an IR lead needs to collect evidence from a running Linux server suspected of hosting an in-memory webshell. The priority is to capture volatile artifacts before they are lost. Which of the following should be performed FIRST?
A security administrator is configuring access controls for a new file share. The requirement is that users should have only the minimum permissions needed to complete their job tasks, and access should be reviewed regularly. Which principle is being applied?
A company has a set of Windows and Linux servers that must remain on for business operations. The security team needs to continuously identify missing patches and misconfigurations and generate reports for auditors. Which solution best meets this requirement?
An organization wants to prevent employees from connecting corporate laptops to unknown Wi-Fi hotspots and accessing internal resources without verifying the laptop’s security posture (e.g., EDR running, disk encryption enabled). Which solution should the organization implement?
A SOC analyst is reviewing SIEM alerts and notices repeated successful logins to a privileged account from two geographically distant locations within minutes of each other. Which type of activity does this most likely indicate?
A company is adopting a cloud-based CRM system and must ensure that customer records are encrypted with keys that the company controls. The provider should not be able to decrypt the data without the company’s cooperation. Which approach best satisfies this requirement?
CompTIA Security+ 2025 Practice Exam FAQs
CompTIA Security+ is a professional certification from CompTIA that validates expertise in CompTIA Security+ technologies and concepts. The official exam code is SY0-701.
The CompTIA Security+ Practice Exam 2025 includes updated questions reflecting the current exam format, new topics added in 2025, and the latest question styles used by CompTIA.
Yes, all questions in our 2025 CompTIA Security+ practice exam are updated to match the current exam blueprint. We continuously update our question bank based on exam changes.
The 2025 CompTIA Security+ exam may include updated topics, revised domain weights, and new question formats. Our 2025 practice exam is designed to prepare you for all these changes.