Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. SY0-701

CompTIA SY0-701 Exam Questions
CompTIA Security+ (Page 18 )

Updated On: 31-Mar-2026
Page 18 of 91
PDF with 757 Questions

An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible.
Which of the following models offers the highest level of security?

  1. Cloud-based
  2. Peer-to-peer
  3. On-premises
  4. Hybrid

Answer(s): C

Explanation:

An on-premises architecture provides the highest level of control over data security, as the organization manages its own hardware, software, and network infrastructure directly. This setup enables the organization to implement strict access controls, customize security measures according to regulatory requirements, and avoid some of the risks associated with data transmission and storage in cloud environments, particularly for sensitive or proprietary information.



Which of the following is the most relevant reason a DPO would develop a data inventory?

  1. To manage data storage requirements better
  2. To determine the impact in the event of a breach
  3. To extend the length of time data can be retained
  4. To automate the reduction of duplicated data

Answer(s): B

Explanation:

A data inventory provides a comprehensive overview of what data the organization holds, where it is stored, and its sensitivity. This information is crucial for assessing the potential impact of a data breach, as it allows the DPO to identify which data would be affected and the associated risks. Additionally, it aids in compliance with data protection regulations by ensuring that sensitive data is adequately managed and protected.



Which of the following cryptographic solutions protects data at rest?

  1. Digital signatures
  2. Full disk encryption
  3. Private key
  4. Steganography

Answer(s): B

Explanation:

Full disk encryption (FDE) secures data at rest by encrypting the entire storage drive, ensuring that data is protected when the system is powered off or if the drive is accessed without authorization. This approach is commonly used to protect sensitive data stored on devices like laptops, servers, and storage media.



Which of the following should an organization use to protect its environment from external attacks conducted by an unauthorized hacker?

  1. ACL
  2. IDS
  3. HIDS
  4. NIPS

Answer(s): D

Explanation:

A Network Intrusion Prevention System (NIPS) actively monitors network traffic and can detect and block malicious activities in real-time, helping to prevent external attacks. Unlike IDS, which only detects intrusions, NIPS can take immediate action to stop threats, making it a strong defensive measure against unauthorized external attacks.



Which of the following would enable a data center to remain operational through a multiday power outage?

  1. Generator
  2. Uninterruptible power supply
  3. Replication
  4. Parallel processing

Answer(s): A

Explanation:

A generator can provide continuous power for extended periods during a power outage, as long as it has sufficient fuel. Unlike an Uninterruptible Power Supply (UPS), which is typically used to bridge short power interruptions, a generator is designed to sustain operations over longer durations, making it ideal for keeping a data center functional during a multiday outage.



A company installed cameras and added signs to alert visitors that they are being recorded.
Which of the following controls did the company implement? (Choose two.)

  1. Directive
  2. Deterrent
  3. Preventive
  4. Detective
  5. Corrective
  6. Technical

Answer(s): B,D

Explanation:

The company uses signs and cameras to deter and detect activity, triggering visibility of surveillance. B) Deterrent explains reducing unauthorised access by signaling monitoring. D) Detective describes identifying when a security event occurs by monitoring and recording. A) Directive is policy guidance, not a physical control. C) Preventive aims to stop incidents before they occur, which is not demonstrated by signs/cameras alone. E) Corrective refers to restoring after an incident, not used here. F) Technical denotes the nature of the control (physical vs technical); while cameras are technical, the question asks which control type categories fit, and the correct pairs are deterrent and detective.



Which of the following is the best way to securely store an encryption key for a data set in a manner that allows multiple entities to access the key when needed?

  1. Public key infrastructure
  2. Open public ledger
  3. Public key encryption
  4. Key escrow

Answer(s): D

Explanation:

Key escrow involves storing the encryption key with a trusted third party or system that securely retains the key and grants access to authorized entities as needed. This approach ensures that multiple authorized parties can access the key in a controlled and secure manner, making it a reliable solution for shared access requirements.



For which of the following reasons would a systems administrator leverage a 3DES hash from an installer file that is posted on a vendor's website?

  1. To test the integrity of the file
  2. To validate the authenticity of the file
  3. To activate the license for the file
  4. To calculate the checksum of the file

Answer(s): A

Explanation:

A hash (such as one generated using 3DES) is used to verify that the file has not been altered or corrupted during download. By comparing the hash of the downloaded file with the one provided by the vendor, the administrator can confirm the file's integrity.



Viewing page 18 of 91
Viewing questions 137 - 144 out of 757 questions



Post your Comments and Discuss CompTIA SY0-701 exam dumps with other Community members:

SY0-701 Exam Discussions & Posts

AI Tutor 👋 I’m here to help!