security+ practice test Intermediate Practice Exam: Medium Difficulty 2025

A healthcare organization is migrating several internal web applications to a public cloud provider. The security team must ensure that no patient data is stored in regions outside the approved country and that new cloud resources cannot be created in unapproved regions. Which approach best meets this requirement?

A security analyst reviews logs and finds multiple successful logins from a single user account occurring within minutes from two distant geographic locations. Immediately afterward, the account initiates mass downloads from a file repository. Which mitigation is the BEST next step to reduce impact while preserving evidence?

A company wants to reduce the risk of credential reuse attacks across SaaS applications. The solution must provide a single identity source, enforce MFA, and allow rapid user deprovisioning when employees leave. Which solution BEST meets these requirements?

A SOC detects a phishing campaign delivering an attachment that, when opened, attempts to contact a newly registered domain and download a second-stage payload. The organization wants to reduce the likelihood of successful execution if a user opens the attachment. Which control provides the BEST defense-in-depth improvement?

A company is designing network segmentation for a manufacturing site. The OT network includes legacy PLCs that cannot be patched frequently. The IT network hosts user workstations and internet access. Which architecture choice BEST reduces risk of lateral movement from IT to OT while still allowing limited monitoring of OT devices?

An organization stores encryption keys in a centralized key management service. An auditor asks how the organization ensures administrators cannot both manage keys and decrypt sensitive data without oversight. Which practice BEST addresses this concern?

A vulnerability scan shows a critical RCE vulnerability on a customer-facing server. The server hosts a legacy application that cannot be patched for two weeks due to vendor constraints. Which compensating control is MOST appropriate to reduce risk during this period?

A company wants to improve detection of credential dumping and suspicious privilege escalation on endpoints. The security team also wants the ability to isolate hosts quickly during an incident. Which solution BEST meets these goals?

A security manager is updating the organization’s incident response plan. Leadership wants to ensure the plan includes clear criteria for when to involve legal counsel, preserve evidence, and notify regulators. Which document component BEST addresses these requirements?

A SIEM rule generates an alert when a user downloads more than 5GB from a cloud storage service. The SOC reports many false positives caused by legitimate backups and engineering builds. The organization wants to reduce false positives without losing the ability to detect exfiltration. What is the BEST adjustment?