CompTIA Security+ (SY0-701) Exam
Objectives Master Set 2025 Questions
and Answers
Public key infrastructure (PKI) - ANSWER✔✔-A system that manages the creation, distribution,
and revocation of digital certificates.
Public key - ANSWER✔✔-A cryptographic key that is used for encryption and verifying digital
signatures in asymmetric encryption.
Private key - ANSWER✔✔-A cryptographic key that is used for decryption and creating digital
signatures in asymmetric encryption.
Key escrow - ANSWER✔✔-A process where a trusted third party holds a copy of an encryption
key.
Encryption - ANSWER✔✔-The process of converting plaintext into ciphertext to protect data
confidentiality.
Full-disk encryption - ANSWER✔✔-The process of encrypting the entire disk to protect all data
stored on it.
FOR STUDY PURPOSES ONLY COPYRIGHT © 2025 ALL RIGHTS RESERVED 1
,Partition encryption - ANSWER✔✔-The process of encrypting a specific partition on a disk.
File encryption - ANSWER✔✔-The process of encrypting individual files to protect their contents.
Volume encryption - ANSWER✔✔-The process of encrypting a logical volume, which can span
multiple disks or partitions.
Database encryption - ANSWER✔✔-The process of encrypting a database to protect its contents.
Record encryption - ANSWER✔✔-The process of encrypting individual records within a database.
Transport/communication encryption - ANSWER✔✔-The process of encrypting data during
transmission to ensure its confidentiality.
Asymmetric encryption - ANSWER✔✔-A cryptographic system that uses two different keys: a
public key for encryption and a private key for decryption.
Symmetric encryption - ANSWER✔✔-A cryptographic system that uses the same key for both
encryption and decryption.
Key exchange - ANSWER✔✔-The process of securely sharing encryption keys between parties.
Algorithms - ANSWER✔✔-Mathematical functions used in encryption and decryption processes.
Key length - ANSWER✔✔-The size of the encryption key, measured in bits.
Trusted Platform Module (TPM) - ANSWER✔✔-A hardware component that provides secure
storage and cryptographic functions.
FOR STUDY PURPOSES ONLY COPYRIGHT © 2025 ALL RIGHTS RESERVED 2
,Hardware security module (HSM) - ANSWER✔✔-A physical device that generates, stores, and
manages cryptographic keys.
Key management system - ANSWER✔✔-A system that handles the generation, storage, and
distribution of cryptographic keys.
Secure enclave - ANSWER✔✔-A secure area within a processor that protects sensitive data.
Obfuscation - ANSWER✔✔-The process of making something unclear or difficult to understand.
Steganography - ANSWER✔✔-The process of hiding secret information within an innocent-
looking carrier file.
Tokenization - ANSWER✔✔-The process of replacing sensitive data with a non-sensitive token.
Data masking - ANSWER✔✔-The process of modifying sensitive data to protect its confidentiality.
Hashing - ANSWER✔✔-The process of converting data into a fixed-size string of characters.
Salting - ANSWER✔✔-The process of adding random data to the input of a hash function to
prevent precomputed attacks.
Digital signatures - ANSWER✔✔-A cryptographic mechanism to verify the authenticity and
integrity of digital documents.
Key stretching - ANSWER✔✔-A technique to make a cryptographic key more resistant to brute-
force attacks.
FOR STUDY PURPOSES ONLY COPYRIGHT © 2025 ALL RIGHTS RESERVED 3
, Blockchain - ANSWER✔✔-A distributed ledger that records transactions across multiple
computers.
Open public ledger - ANSWER✔✔-A transparent and publicly accessible record of all transactions
in a blockchain.
Certificates - ANSWER✔✔-Digital documents that bind a public key to an entity.
Certificate authorities - ANSWER✔✔-Entities that issue and sign digital certificates.
Certificate revocation lists (CRLs) - ANSWER✔✔-Lists of revoked digital certificates.
Online Certificate Status Protocol (OCSP) - ANSWER✔✔-A protocol for checking the revocation
status of digital certificates.
Self-signed - ANSWER✔✔-A digital certificate that is signed by its own private key.
Third-party Certificate - ANSWER✔✔-A digital certificate that is signed by a trusted third-party
certificate authority.
Root of trust - ANSWER✔✔-A trusted entity or component that forms the basis of a security
system.
Certificate signing request (CSR) generation - ANSWER✔✔-The process of creating a request for a
digital certificate.
Wildcard - ANSWER✔✔-A type of digital certificate that can be used for multiple subdomains.
Confidentiality - ANSWER✔✔-The principle of protecting data from unauthorized access.
FOR STUDY PURPOSES ONLY COPYRIGHT © 2025 ALL RIGHTS RESERVED 4
Objectives Master Set 2025 Questions
and Answers
Public key infrastructure (PKI) - ANSWER✔✔-A system that manages the creation, distribution,
and revocation of digital certificates.
Public key - ANSWER✔✔-A cryptographic key that is used for encryption and verifying digital
signatures in asymmetric encryption.
Private key - ANSWER✔✔-A cryptographic key that is used for decryption and creating digital
signatures in asymmetric encryption.
Key escrow - ANSWER✔✔-A process where a trusted third party holds a copy of an encryption
key.
Encryption - ANSWER✔✔-The process of converting plaintext into ciphertext to protect data
confidentiality.
Full-disk encryption - ANSWER✔✔-The process of encrypting the entire disk to protect all data
stored on it.
FOR STUDY PURPOSES ONLY COPYRIGHT © 2025 ALL RIGHTS RESERVED 1
,Partition encryption - ANSWER✔✔-The process of encrypting a specific partition on a disk.
File encryption - ANSWER✔✔-The process of encrypting individual files to protect their contents.
Volume encryption - ANSWER✔✔-The process of encrypting a logical volume, which can span
multiple disks or partitions.
Database encryption - ANSWER✔✔-The process of encrypting a database to protect its contents.
Record encryption - ANSWER✔✔-The process of encrypting individual records within a database.
Transport/communication encryption - ANSWER✔✔-The process of encrypting data during
transmission to ensure its confidentiality.
Asymmetric encryption - ANSWER✔✔-A cryptographic system that uses two different keys: a
public key for encryption and a private key for decryption.
Symmetric encryption - ANSWER✔✔-A cryptographic system that uses the same key for both
encryption and decryption.
Key exchange - ANSWER✔✔-The process of securely sharing encryption keys between parties.
Algorithms - ANSWER✔✔-Mathematical functions used in encryption and decryption processes.
Key length - ANSWER✔✔-The size of the encryption key, measured in bits.
Trusted Platform Module (TPM) - ANSWER✔✔-A hardware component that provides secure
storage and cryptographic functions.
FOR STUDY PURPOSES ONLY COPYRIGHT © 2025 ALL RIGHTS RESERVED 2
,Hardware security module (HSM) - ANSWER✔✔-A physical device that generates, stores, and
manages cryptographic keys.
Key management system - ANSWER✔✔-A system that handles the generation, storage, and
distribution of cryptographic keys.
Secure enclave - ANSWER✔✔-A secure area within a processor that protects sensitive data.
Obfuscation - ANSWER✔✔-The process of making something unclear or difficult to understand.
Steganography - ANSWER✔✔-The process of hiding secret information within an innocent-
looking carrier file.
Tokenization - ANSWER✔✔-The process of replacing sensitive data with a non-sensitive token.
Data masking - ANSWER✔✔-The process of modifying sensitive data to protect its confidentiality.
Hashing - ANSWER✔✔-The process of converting data into a fixed-size string of characters.
Salting - ANSWER✔✔-The process of adding random data to the input of a hash function to
prevent precomputed attacks.
Digital signatures - ANSWER✔✔-A cryptographic mechanism to verify the authenticity and
integrity of digital documents.
Key stretching - ANSWER✔✔-A technique to make a cryptographic key more resistant to brute-
force attacks.
FOR STUDY PURPOSES ONLY COPYRIGHT © 2025 ALL RIGHTS RESERVED 3
, Blockchain - ANSWER✔✔-A distributed ledger that records transactions across multiple
computers.
Open public ledger - ANSWER✔✔-A transparent and publicly accessible record of all transactions
in a blockchain.
Certificates - ANSWER✔✔-Digital documents that bind a public key to an entity.
Certificate authorities - ANSWER✔✔-Entities that issue and sign digital certificates.
Certificate revocation lists (CRLs) - ANSWER✔✔-Lists of revoked digital certificates.
Online Certificate Status Protocol (OCSP) - ANSWER✔✔-A protocol for checking the revocation
status of digital certificates.
Self-signed - ANSWER✔✔-A digital certificate that is signed by its own private key.
Third-party Certificate - ANSWER✔✔-A digital certificate that is signed by a trusted third-party
certificate authority.
Root of trust - ANSWER✔✔-A trusted entity or component that forms the basis of a security
system.
Certificate signing request (CSR) generation - ANSWER✔✔-The process of creating a request for a
digital certificate.
Wildcard - ANSWER✔✔-A type of digital certificate that can be used for multiple subdomains.
Confidentiality - ANSWER✔✔-The principle of protecting data from unauthorized access.
FOR STUDY PURPOSES ONLY COPYRIGHT © 2025 ALL RIGHTS RESERVED 4
