SY0-701 Exam Dumps - CompTIA Security+ Exam 2025

Masking is a method to secure credit card data that involves replacing some or all of the digits with symbols, such as asterisks, dashes, or Xs, while leaving some of the original digits visible. Masking is best to use when a requirement is to see only the last four numbers on a credit card, as it can prevent unauthorized access to the full card number, while still allowing identification and verification of the cardholder. Masking does not alter the original data, unlike encryption, hashing, or tokenization, which use algorithms to transform the data into different formats.

Homomorphic encryption allows data to be encrypted and manipulated without needing to decrypt it first. This cryptographic technique would allow the financial institution to store customer data securely in the cloud while still permitting operations like searching andcalculations to be performed on the encrypted data. This ensures that the cloud service provider cannot decipher the sensitive data, meeting the institution’s security requirements.

References =

CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture​.

CompTIA Security+ SY0-601 Study Guide: Chapter on Cryptographic Techniques​.

Data masking replaces sensitive data with realistic but fictional data, preserving format and usability while protecting confidential information during testing in environments like UAT (User Acceptance Testing).

Tokenization (B) replaces data with tokens but is more common for payment data in production. Obfuscation (C) scrambles data but is less structured than masking. Encryption (D) protects data confidentiality but may not be practical for testing.

Data masking is a best practice for protecting sensitive data in non-production environments covered in the General Security Concepts domain【6:Chapter 7†CompTIA Security+ Study Guide】.

A site survey is the formal process used to determine the required number, placement, and configuration of wireless access points (APs). Security+ SY0-701 states that site surveys measure RF propagation, identify dead zones, account for building materials, detect interference sources, and evaluate coverage overlap. This information allows network engineers to deploy the fewest APs necessary while still ensuring full coverage.

Although heat maps (C) are generated as a result of a site survey, they are visualization tools—not the actual survey process. A signal locator (A) is not a standardized tool in wireless planning. WPA3 (B) is a wireless security protocol and has no impact on access point planning or coverage optimization.

A full site survey ensures optimal AP placement to balance coverage, performance, and cost—exactly the concern described in the scenario.

Thus, the correct answer is D: Site survey.

Effective change management requires structured planning, testing, review, approval, deployment, and rollback capabilities. According to CompTIA Security+ SY0-701, one of the most critical components of change management is having a backout plan, which allows the organization to safely revert changes if the update or patch causes issues, operational disruption, or security instability. A proper backout plan reduces downtime, maintains system availability, and protects against unexpected failures.

Approving a change after deployment (A) violates standard change management protocols. Approval must occur before live implementation. Using a spreadsheet (C) is not considered an effective or secure change management mechanism. Automatic bypassing of change controls (D) is dangerous, even for security patches, because changes must be tested to avoid service outages or unintended vulnerabilities.

Therefore, the best description of effective change management is B: Having a backout plan when a patch fails.

Change management is the formal process designed to control, document, approve, and track modifications to systems, internal processes, assets, and security controls. This control mechanism helps prevent unauthorized or unintended changes that could introduce vulnerabilities or disrupt operations.

Playbooks are documented procedures for responding to incidents, incident response manages security incidents, and acceptable use policies define acceptable user behavior but do not directly control changes.

By enforcing proper change management, organizations maintain the integrity and security of their infrastructure, which is a critical topic covered in the Security Program Management and Oversight domain of SY0-701【6:Chapter 16†CompTIA Security+ Study Guide】

Container image hardening best practices include removing default or unnecessary applications (A) to reduce the attack surface and disabling insecure protocols like Telnet (C) to prevent exploitation. Minimizing software components reduces vulnerabilities and limits potential exploits.

Installing a Network Intrusion Prevention System (NIPS) (B) is a network security measure, not typically embedded in a container image. Reconfiguring DNS (D), adding an SFTP server (E), or deleting public certificates (F) are unrelated or could disrupt container functionality.

These practices are part of securing containerized environments covered under Security Architecture topics in SY0-701【6:Chapter 10†CompTIA Security+ Study Guide】.

Data sovereignty concerns the laws and governance that apply to data at rest outside of a country’s borders. It refers to the legal implications and regulatory controls over where data is stored geographically.