A backup server encrypts large nightly database exports before sending them to an offsite storage system. The organization has already arranged a secure way to share the secret key between the systems, and performance is a concern because the files are very large. Which encryption approach is the best fit?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
Distractor review
Asymmetric encryption
Asymmetric encryption is useful for key exchange and identity-related tasks, but it is usually slower and less efficient for encrypting very large backups.
Best answer
Symmetric encryption
Symmetric encryption is the best fit for bulk data because it is fast and efficient. When both sides can securely share the same secret key, large backup files can be encrypted and decrypted with much less overhead than with public-key methods. That makes it the standard choice for protecting high-volume data at rest or in transit.
Distractor review
Hashing
Hashing is used to detect changes and confirm integrity, but it does not provide confidentiality for backup data.
Distractor review
Digital signatures
Digital signatures prove authenticity and integrity, but they do not encrypt large files for confidentiality.
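The symmetric approach from the best answer, as an added example that is not part of the original page: a Go sketch that seals a large export in fixed-size chunks with AES-256-GCM under a key both systems already share, so memory use stays flat however large the file is. The function name `stream`, the 64 KiB chunk size and the file layout (7-byte random prefix followed by sealed chunks) are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"io"
)

// stream seals (seal=true) or opens src; nonce = 7 random bytes, 4-byte counter, final flag.
func stream(gcm cipher.AEAD, src io.Reader, dst io.Writer, seal bool) error {
	const chunk = 64 << 10 // plaintext bytes per AES-GCM call
	w, nonce, buf := bufio.NewWriter(dst), make([]byte, 12), make([]byte, chunk+gcm.Overhead())
	if seal {
		buf = buf[:chunk]
		rand.Read(nonce[:7]) // fresh prefix per file: no nonce repeats under the key
		w.Write(nonce[:7])   // bufio remembers a write error until Flush
	} else if _, err := io.ReadFull(src, nonce[:7]); err != nil {
		return err
	}
	for ctr := uint32(0); nonce[11] == 0; ctr++ {
		n, err := io.ReadFull(src, buf)
		if err == io.EOF || err == io.ErrUnexpectedEOF {
			nonce[11] = 1 // short or empty read: this is the final chunk
		} else if err != nil {
			return err
		}
		binary.BigEndian.PutUint32(nonce[7:11], ctr)
		out := buf[:n]
		if seal {
			out = gcm.Seal(nil, nonce, out, nil)
		} else if out, err = gcm.Open(nil, nonce, out, nil); err != nil {
			return fmt.Errorf("backup rejected (corrupt, truncated or wrong key): %w", err)
		}
		w.Write(out)
	}
	return w.Flush()
}

func main() { // constructed all-zero demo key and sample text
	block, _ := aes.NewCipher(make([]byte, 32)) // a 32-byte key selects AES-256
	gcm, _ := cipher.NewGCM(block)
	sealed, plain := new(bytes.Buffer), new(bytes.Buffer)
	stream(gcm, bytes.NewBufferString("constructed export"), sealed, true)
	fmt.Println(stream(gcm, sealed, plain, false), plain.String())
}
```

When opening, plaintext chunks reach `dst` before later chunks are checked, so discard the output if `stream` returns an error.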
Common exam trap
Common exam trap: NAT rules depend on direction and matching traffic
NAT is not only about the public address. The inside/outside interface roles and the ACL or rule that matches traffic are just as important.
Technical deep dive
How to think about this question
NAT questions usually test address translation, overload/PAT behaviour, static mappings and whether the right traffic is being translated. Read the interface direction and address terms carefully.
Key Concepts to Remember
- Static NAT maps one inside address to one outside address.
- PAT allows many inside hosts to share one public address using ports.
- Inside local and inside global describe the private and translated addresses.
- NAT ACLs identify traffic for translation, not always security filtering.
Exam Day Tips
- Identify inside and outside interfaces first.
- Check whether the scenario needs static NAT, dynamic NAT or PAT.
- Do not confuse NAT matching ACLs with normal packet-filtering intent.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A baseline review found that standard developer accounts are local administrators, unsigned tools can run from user profile folders, and reimaged systems still end up with unauthorized persistence. Which two changes best improve hardening while preserving developer work? Select two.
Question 2
A billing application has an RTO of 2 hours and an RPO of 30 minutes. The current recovery method requires rebuilding the VM from scratch and then restoring last night's backup, which takes over six hours. Which solution best meets the stated recovery objectives?
Question 3
A branch office has users, finance workstations, and printers on the same LAN. Management wants finance devices isolated from general users while still allowing approved printing and internet access. Which two changes best meet this goal? Select two.
Question 4
A branch office has users, finance workstations, printers, and IP phones on one flat network. The security team wants to reduce lateral movement if one user PC is compromised, but printers still need to receive print jobs from users. What is the best design change?
Question 5
A branch office has users, finance workstations, printers, and IP phones on one flat LAN. After a malware outbreak on a user PC, management wants to limit lateral movement without blocking printing or voice traffic. What should the network team implement?
Question 6
A branch office loses power briefly several times each month. Which control best helps keep network equipment running long enough for an orderly shutdown?
FAQ
Questions learners often ask
What does this SY0-701 question test?
Static NAT maps one inside address to one outside address.
What is the correct answer to this question?
The correct answer is: Symmetric encryption — Symmetric encryption is the best choice because the same shared key can encrypt and decrypt large data sets efficiently. Backup workflows often involve significant volume, so performance matters. Public-key methods are typically reserved for exchanging keys or verifying identity, while symmetric algorithms are preferred for the actual bulk encryption of data like databases and archives. Why others are wrong: Asymmetric encryption is generally too computationally expensive for encrypting large backups directly. Hashing only produces a digest and cannot keep the data confidential. Digital signatures provide integrity and authenticity, but they do not hide the contents of the backup file from unauthorized viewers.
What should I do if I get this SY0-701 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.