CompTIA Security+ (SY0-701) · Domain 3 · 18% of exam

Security Architecture

Drill 18 practice questions focused entirely on Security Architecture for the CompTIA SY0-701 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.

Verified answer18 questions
Question 1 of 18

A healthcare organization is implementing a new customer service system where call center representatives need to verify patient identities but should not have access to full Social Security Numbers or complete credit card details. The organization wants to maintain the original data format while protecting sensitive information from unauthorized viewing. Which data protection method should be implemented?

Reviewed for accuracy · Report an issue
Question 2 of 18

A multinational pharmaceutical company is migrating patient trial data to a cloud provider. The company must comply with regulations requiring that EU citizen health data remain physically stored within EU borders and cannot be transferred to other jurisdictions. Which of the following should the security architect implement to meet this requirement?

Reviewed for accuracy · Report an issue
Question 3 of 18

A European healthcare organization is migrating patient health records to a cloud service provider. Regulatory requirements mandate that all patient data must be processed and stored within the European Union to comply with GDPR. Which data protection consideration is primarily being addressed?

Reviewed for accuracy · Report an issue
Question 4 of 18

A multinational healthcare organization is migrating patient records to a cloud provider. The organization operates in the European Union and must comply with GDPR requirements that mandate patient data remain within EU borders. Which of the following should the security architect prioritize when selecting cloud storage regions?

Reviewed for accuracy · Report an issue
Question 5 of 18

A multinational financial services company stores customer account data in a cloud database hosted in the United States. New regulations in the European Union require that all personal data of EU citizens must be processed and stored within EU borders. The company needs to comply while maintaining operational efficiency. Which solution BEST addresses this data sovereignty requirement?

Reviewed for accuracy · Report an issue
Question 6 of 18

A multinational financial services company is expanding operations into the European Union and must comply with GDPR requirements for customer data. The company currently stores all customer records in a centralized database hosted in their US-based data center. Which approach BEST addresses data sovereignty concerns while maintaining operational efficiency?

Reviewed for accuracy · Report an issue
Question 7 of 18

A retail organization is redesigning its point-of-sale system to reduce the scope of PCI DSS compliance. The security team needs to protect credit card numbers while still allowing the system to reference transactions for returns and customer service inquiries. The solution must ensure that if the database is compromised, actual card numbers cannot be retrieved. Which data protection method best meets these requirements?

Reviewed for accuracy · Report an issue
Question 8 of 18

A financial services company is migrating customer credit card data to a cloud storage solution. Regulatory requirements mandate that cardholder data must be protected from unauthorized access even if storage media is physically compromised. The security team needs to select the most appropriate data protection method that addresses this specific compliance requirement while maintaining the ability to process transactions.

Reviewed for accuracy · Report an issue
Question 9 of 18

A financial services company is migrating customer credit card data to a cloud-based payment processing system. The security team must ensure that cardholder data is protected both when stored in the database and when transmitted between the payment gateway and third-party processors. Which combination of data protection methods should be implemented to meet PCI DSS compliance requirements?

Reviewed for accuracy · Report an issue
Question 10 of 18

A manufacturing plant runs a SCADA system that controls production line machinery. The vendor no longer provides firmware updates, and the embedded controllers cannot be taken offline without halting production for days. A recent assessment flagged several unpatchable vulnerabilities in these controllers. Which architectural consideration is the security team primarily dealing with, and what is the most appropriate response?

Reviewed for accuracy · Report an issue
Question 11 of 18

A hospital data center must keep critical patient monitoring systems running through both brief power fluctuations and multi-hour utility outages. The facilities team needs a resilience design that provides instantaneous, uninterrupted power the moment utility power fails, while also sustaining the load for many hours during extended outages. Which combination should the team implement?

Reviewed for accuracy · Report an issue
Question 12 of 18

A retail company processes thousands of credit card transactions daily. Compliance auditors require that primary account numbers (PANs) not be stored in the company's databases or analytics systems, yet the marketing team still needs a consistent value to link repeat purchases from the same card without ever seeing the real card number. Which data protection method best satisfies both requirements?

Reviewed for accuracy · Report an issue
Question 13 of 18

A retail company stores customer credit card numbers to enable recurring subscription billing. Auditors require that the actual card numbers not be present in the company's transaction database, yet the billing system must still be able to reference the same card for repeat charges without a customer re-entering it. Which data protection method best meets these requirements?

Reviewed for accuracy · Report an issue
Question 14 of 18

A financial services company allows a team of data analysts to run queries against a production customer database that contains full account numbers. The analysts only need to see partial account numbers to perform trend analysis, and they must never be able to view the complete values. Which data protection method best meets this requirement while keeping the data usable for the analysts?

Reviewed for accuracy · Report an issue
Question 15 of 18

A financial services company is building a new analytics platform in a non-production environment. Developers need realistic customer records that preserve referential integrity across tables (so the same customer account number consistently links related records), but the actual account numbers must never be exposed. The company also wants the ability to reverse the process in a secured production system to retrieve original values when required for reconciliation. Which data protection method BEST meets these requirements?

Reviewed for accuracy · Report an issue
Question 16 of 18

A financial services company is building a test environment that mirrors production. Developers need realistic customer records to test an application, but the company must ensure that actual credit card numbers are never exposed in non-production systems while keeping the same data format so validation logic still functions. Which method best meets these requirements?

Reviewed for accuracy · Report an issue
Question 17 of 18

A retail organization processes credit card transactions and needs to reduce PCI DSS scope by ensuring that sensitive payment card data is not stored in their e-commerce application database. The solution must allow the organization to reference transactions for refunds and chargebacks while minimizing the risk of data exposure. Which data protection method should be implemented?

Reviewed for accuracy · Report an issue
Question 18 of 18

A regional insurance company is designing its disaster recovery strategy. Management wants to be able to resume critical operations within 12 hours of a primary data center failure, but the CFO has rejected proposals for a fully staffed, always-on secondary facility due to the ongoing expense. The IT team needs a recovery site that has hardware and network connectivity pre-installed, with recent (but not real-time) data available for restoration. Which site type BEST meets these requirements?

Reviewed for accuracy · Report an issue

More SY0-701 practice

Keep going with the other CompTIA Security+ (SY0-701) domains, or take a full timed mock exam.

← Back to SY0-701 overview