Practice Free SC-730 Exam Online Questions
Scenario: While browsing the internet, you accidentally discover a public repository containing your company’s highly sensitive internal customer database passwords.
Under the incident response framework, what is the required action?
- A . Ignore the situation completely because the repository is hosted on an external third-party website.
- B . Send a private message to the owner of the public repository and politely ask them to delete the files.
- C . Discuss the discovery casually with your friends during lunch to see if they know how to handle it.
- D . Escalate the incident immediately to the corporate security operations team and senior leadership.
Why is it highly encouraged to report a "near miss" security event, such as spotting a sophisticated phishing email even if you successfully avoided clicking the malicious link?
- A . The human resources department tracks near misses to evaluate employees for their annual promotions.
- B . It provides valuable threat intelligence, allowing the security team to block the sender and protect other employees.
- C . Failing to report a near miss is strictly classified as a severe international cybercrime by law enforcement.
- D . Because the IT department issues mandatory monetary bonuses to employees for every suspicious email reported.
During your lunch break, you discover an unlabeled, high-capacity USB flash drive sitting on a table in the company breakroom.
Which specific social engineering attack relies on your curiosity to plug it into your computer?
- A . Pretexting
- B . Phishing
- C . Baiting
- D . Tailgating
Scenario: You scan your badge to enter the secure server room. A person carrying heavy boxes asks you to hold the secure door open for them so they do not have to put the boxes down to scan their own badge.
What should you do?
- A . Hold the door open out of professional courtesy since their hands are completely full of heavy boxes.
- B . Prop the door open securely with a physical doorstop so they can bring all the heavy boxes inside.
- C . Ask them to wait while you fetch a rolling cart, then hold the door open for them to enter easily.
- D . Politely refuse and strictly require them to use their own ID badge to scan into the secure room.
Scenario: A small business recently migrated all its operations to Microsoft 365 cloud services. The business owner assumes they no longer need to worry about employee passwords because "the cloud provider handles all the security now."
Is this assumption correct?
- A . Yes, because cloud providers assume complete responsibility for all user identity management.
- B . Yes, because the cloud automatically blocks all phishing attacks before they reach the inbox.
- C . No, because under the shared responsibility model, the customer must always secure their own credentials.
- D . No, because cloud environments do not utilize passwords or multifactor authentication protocols.
Scenario: A financial analyst wants to use a public, free generative AI tool to quickly summarize an unreleased quarterly earnings report.
Why is this action prohibited by organizational data standards?
- A . Public AI tools will permanently delete the original report files from the local network.
- B . Public AI tools automatically translate the financial data into unrecognizable languages.
- C . Public AI tools cannot process numerical data and will instantly crash the computer.
- D . Public AI models may use user inputs for training, potentially exposing the data publicly.
Scenario: You receive a text message (SMS) claiming to be from the company’s CEO, asking you to urgently purchase $500 in gift cards to give out as employee rewards.
What type of attack does this scenario represent?
- A . A targeted smishing (SMS phishing) and impersonation attack attempting to steal corporate funds.
- B . A sophisticated physical social engineering attack targeting the corporate office’s main shipping dock.
- C . An advanced persistent threat exploiting a zero-day vulnerability in the smartphone’s operating system.
- D . A malicious ransomware infection actively encrypting the local text messaging application on your phone.
As a business professional using a company-issued smartphone, what is a fundamental security practice you must configure to protect corporate data?
- A . Keep Bluetooth and Wi-Fi connections in "discoverable" mode at all times.
- B . Root or jailbreak the device to install custom security monitoring software.
- C . Write down the unlock PIN and keep it in your phone case for easy access.
- D . Set a strong screen lock (PIN/biometrics) and enable a short automatic timeout.
Scenario: A software developer wants to quickly find a bug in a piece of highly confidential, proprietary source code. They decide to paste the code into a free, public generative AI chatbot.
Why does this violate security policies?
- A . The public AI chatbot is completely incapable of processing complex programming languages.
- B . The public AI chatbot will automatically delete the original source code from the local computer.
- C . The public AI model may ingest the sensitive proprietary code to train its algorithms for external users.
- D . The public AI model will permanently translate the code into an unrecognizable foreign language.
Scenario: You receive an urgent email from your CEO: "I am in a confidential meeting. I need you to purchase $500 in Apple gift cards for a client right now and email me the activation codes."
What is the correct action?
- A . Purchase the gift cards immediately to impress the CEO and ensure the client relationship is maintained.
- B . Verify the unusual request by calling the CEO directly on a known, verified phone number before acting.
- C . Forward the email directly to the client to ask them if they truly require the Apple gift cards.
- D . Reply to the email with the activation codes, and then submit a formal expense report the following week.