General Security Concepts
Drill 10 practice questions focused entirely on General Security Concepts for the CompTIA SY0-701 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A security administrator needs to implement a certificate validation method that provides real-time revocation status checks with minimal overhead. The solution must allow clients to query the status of a single certificate without downloading large files. Which protocol should be implemented?
A company runs a legacy payment application on an outdated operating system that cannot be patched to remediate a known critical vulnerability. Business requirements prevent decommissioning the system for another 18 months. To reduce risk in the interim, the security team places the server on an isolated network segment behind a dedicated firewall with strict access rules and enhanced logging. Which type of security control does this MOST accurately describe?
A hospital runs a legacy application on an unsupported operating system that can no longer receive security patches. Management refuses to decommission the system because it is critical to patient scheduling. To reduce risk, the security team isolates the server on a dedicated VLAN and places a next-generation firewall in front of it to inspect all traffic. Which type of security control BEST describes this approach?
A payment processing company needs to store customer credit card information for recurring billing purposes while minimizing the risk of exposing sensitive cardholder data. The security team wants to replace the actual credit card numbers with randomly generated values that can be mapped back to the original data only through a secure lookup service. Which cryptographic solution should be implemented?
A healthcare organization stores patient records in a database on physical servers in their data center. The Chief Information Security Officer (CISO) is concerned about unauthorized access to sensitive patient information if storage media is physically stolen or improperly disposed of. Which cryptographic solution should be implemented to protect this data?
A healthcare organization is implementing encryption for its patient database to protect data at rest. The security team needs to ensure cryptographic keys are stored securely and isolated from the application servers. The solution must provide dedicated hardware for key management with tamper-resistant properties and meet compliance requirements for protecting sensitive health information. Which cryptographic tool should the organization implement?
A healthcare organization stores nightly database backups on tape media that are transported by a third-party courier to an offsite facility 50 miles away. The security team is concerned about protecting patient health information during transit. Which cryptographic solution should be implemented to protect the confidentiality of the data if the tapes are lost or stolen during transport?
A security administrator is implementing various controls to protect a data center. They install surveillance cameras, deploy an intrusion detection system (IDS) to monitor network traffic, require visitors to sign in at reception, and configure firewall rules to block unauthorized access. Which category does the IDS primarily represent?
A security administrator configures firewall rules to block inbound traffic on port 23 (Telnet) and enforce SSH connections on port 22 instead. The administrator then creates a policy document requiring all remote access to use encrypted protocols. Which combination of control category and type best describes these actions?
In a Zero Trust architecture, a request to access a resource is evaluated against policy along with signals such as user identity, device posture, and risk score. Which control-plane component is responsible for making the final grant-or-deny access decision?
More SY0-701 practice
Keep going with the other CompTIA Security+ (SY0-701) domains, or take a full timed mock exam.
← Back to SY0-701 overview