IBM Security Foundations Intermediate Practice Exam: Medium Difficulty 2025

A financial organization is implementing a defense-in-depth strategy and needs to understand the relationship between different security controls. The security team has deployed firewalls, intrusion detection systems, and encryption. Which statement best describes how these controls should work together?

An e-commerce company experiences a security incident where their web application is receiving an unusually high volume of requests from multiple IP addresses worldwide, causing legitimate customers to be unable to access the site. The security team observes that the requests appear automated. What type of attack is most likely occurring and what is the primary security impact?

A healthcare organization must comply with data protection regulations and is designing their network security architecture. They need to segment their network to separate systems containing patient health records from general business systems. Which approach best aligns with security best practices?

A company is implementing data protection measures and needs to decide between encryption at rest and encryption in transit for different scenarios. Customer payment information is stored in a database and transmitted to a payment processor. What approach should they implement?

An organization's security team is analyzing network traffic and notices encrypted traffic leaving their network to an unknown external destination. They want to inspect this traffic for potential data exfiltration while maintaining security. What challenge does this present and what capability would help address it?

A company is implementing a new access control system for their corporate resources. They want employees to access multiple applications using a single set of credentials, while maintaining separate authorization levels for each application. Which combination of technologies best addresses this requirement?

An organization experiences repeated unauthorized access attempts to privileged accounts from various locations and at unusual times. They want to implement additional security beyond passwords. Which approach provides the most effective additional layer of security while balancing usability?

A company is implementing the principle of least privilege for their system administrators. Currently, all administrators have permanent full access to all systems. What approach best implements this principle while maintaining operational efficiency?

During an incident response, a security analyst discovers malware on a critical production server. The malware appears to be actively communicating with an external command-and-control server. According to incident response best practices, what should be the analyst's immediate priority?

A security operations center (SOC) is reviewing their incident classification process. They receive an alert that an employee's laptop has been infected with ransomware that has encrypted local files but has not spread to network shares. How should this incident be classified in terms of severity, and what factor most influences this classification?