Cybersecurity Practitioner Intermediate Practice Exam: Medium Difficulty 2025

A retail company is migrating customer-facing workloads to the cloud. The security team wants a consistent way to evaluate and prioritize security risks across on-prem and cloud assets, and to communicate risk in business terms (likelihood and impact). Which approach best fits this need?

A user receives an email with an attachment that attempts to run a script and then contact an external server to download a second-stage payload. Which combination of controls best reduces the chance of compromise and limits impact if a user still opens the file?

A healthcare organization is designing access controls for an internal portal that handles patient records. They want users to have only the access needed for their job, and they also want a second factor for high-risk actions like exporting reports. Which strategy best meets both goals?

A company wants to reduce the attack surface for internal applications. They plan to segment the network but also need to ensure security policy is based on the actual application being used rather than just ports. What design best aligns with this requirement?

Security analysts see repeated outbound connections from a workstation to newly registered domains over HTTPS. The connections are short-lived and occur shortly after the user opens email attachments. Which detection-and-prevention approach is most appropriate?

A small enterprise wants to securely connect remote branches to the headquarters while also inspecting traffic for threats. They need a solution that provides VPN connectivity and centralized security policy enforcement. Which approach best fits?

A company wants to prevent data exfiltration to unsanctioned SaaS apps while allowing approved cloud services. They also want visibility into which cloud apps users are accessing. Which Palo Alto Networks capability best addresses this use case?

A security team wants to reduce the time it takes to detect and respond to threats across endpoints, network, and cloud workloads. They want correlated alerts rather than isolated logs from separate tools. Which Palo Alto Networks-aligned approach best supports this goal?

An organization is adopting a Zero Trust approach. They already use MFA and device posture checks. They now want to ensure third-party contractors can access only specific internal applications without being placed on the internal network. Which solution pattern best matches this requirement?

After a suspected compromise, an analyst needs to contain the threat quickly while preserving evidence for investigation. Which action sequence best reflects security operations best practices?