CompTIA CertMaster CE Security+ Domain
1.0 Assessment General Security Concepts
– Questions & Detailed Explanations
QUESTION 1
A manufacturing company discovers that employees regularly leave sensitive documents on
unattended desks. Which type of security control would best address this issue?
A) Technical control
B) Operational control
C) Deterrent control
D) Physical control
Answer: B) Operational control
Explanation: Operational controls are security measures implemented by people (rather than
systems) that focus on day-to-day procedures and practices. Requiring employees to secure
sensitive documents before leaving their desks is an operational control because it involves a
procedural requirement for staff behavior. While a physical control (like locked filing cabinets)
could also help, the scenario describes a behavior problem best addressed through operational
procedures and policies.
QUESTION 2
Which of the following is NOT one of the core categories of security controls?
A) Technical controls
B) Administrative controls
C) Physical controls
D) Operational controls
Answer: B) Administrative controls
, Explanation: The three core categories of security controls are technical (implemented through
technology), managerial/administrative (policies and procedures), and physical (barriers and
environmental controls). However, "administrative" is often used interchangeably with
"managerial" controls. Operational controls are a subcategory or alternative classification. The
CompTIA Security+ SY0-701 objectives specifically list: technical, managerial, operational, and
physical as control types. Depending on the framework, managerial/administrative controls are
considered the overarching category that includes operational controls.
QUESTION 3
Felicia wants to deploy an encryption solution that will protect files in motion as they are copied
between file shares as well as at rest, and also needs it to support granular, per-user security.
What should she create?
A) A file encryption certificate
B) An encrypted VPN tunnel
C) An EFS (Encrypting File System) policy with recovery agents
D) A hardware security module (HSM)
Answer: C) An EFS (Encrypting File System) policy with recovery agents
Explanation: EFS (Encrypting File System) provides file-level encryption that protects data both
at rest and in transit between file shares. It supports granular, per-user security by allowing
individual users or groups to be assigned access to specific encrypted files. Recovery agents
ensure that encrypted files can be recovered if the original user's key is lost. A VPN only
protects data in transit, not at rest. An HSM is hardware for key storage, not a file encryption
solution itself.
QUESTION 4
An organization implements a policy requiring all employees to use complex passwords that are
changed every 90 days. This is an example of which type of control?
A) Technical control
B) Operational control
C) Managerial control
D) Physical control
1.0 Assessment General Security Concepts
– Questions & Detailed Explanations
QUESTION 1
A manufacturing company discovers that employees regularly leave sensitive documents on
unattended desks. Which type of security control would best address this issue?
A) Technical control
B) Operational control
C) Deterrent control
D) Physical control
Answer: B) Operational control
Explanation: Operational controls are security measures implemented by people (rather than
systems) that focus on day-to-day procedures and practices. Requiring employees to secure
sensitive documents before leaving their desks is an operational control because it involves a
procedural requirement for staff behavior. While a physical control (like locked filing cabinets)
could also help, the scenario describes a behavior problem best addressed through operational
procedures and policies.
QUESTION 2
Which of the following is NOT one of the core categories of security controls?
A) Technical controls
B) Administrative controls
C) Physical controls
D) Operational controls
Answer: B) Administrative controls
, Explanation: The three core categories of security controls are technical (implemented through
technology), managerial/administrative (policies and procedures), and physical (barriers and
environmental controls). However, "administrative" is often used interchangeably with
"managerial" controls. Operational controls are a subcategory or alternative classification. The
CompTIA Security+ SY0-701 objectives specifically list: technical, managerial, operational, and
physical as control types. Depending on the framework, managerial/administrative controls are
considered the overarching category that includes operational controls.
QUESTION 3
Felicia wants to deploy an encryption solution that will protect files in motion as they are copied
between file shares as well as at rest, and also needs it to support granular, per-user security.
What should she create?
A) A file encryption certificate
B) An encrypted VPN tunnel
C) An EFS (Encrypting File System) policy with recovery agents
D) A hardware security module (HSM)
Answer: C) An EFS (Encrypting File System) policy with recovery agents
Explanation: EFS (Encrypting File System) provides file-level encryption that protects data both
at rest and in transit between file shares. It supports granular, per-user security by allowing
individual users or groups to be assigned access to specific encrypted files. Recovery agents
ensure that encrypted files can be recovered if the original user's key is lost. A VPN only
protects data in transit, not at rest. An HSM is hardware for key storage, not a file encryption
solution itself.
QUESTION 4
An organization implements a policy requiring all employees to use complex passwords that are
changed every 90 days. This is an example of which type of control?
A) Technical control
B) Operational control
C) Managerial control
D) Physical control