A desktop engineering team asks for the document that specifies the exact minimum encryption setting, screen-lock timer, and password length for company laptops. Which type of document should they follow?

Policy, because it states the organization's general intent and high-level direction.

A policy sets broad expectations, but it usually does not specify exact configuration values or technical baselines.

Procedure, because it gives the organization-wide security purpose statement.

A procedure is a step-by-step sequence for carrying out tasks, not the place to define the baseline itself.

Guideline, because it provides optional suggestions that every laptop must obey.

Guidelines are recommended practices and are generally flexible, so they do not establish mandatory configuration values.

What does this SY0-701 question test?

Read the scenario before looking for a memorised answer.

What is the correct answer to this question?

The correct answer is: Standard, because it defines mandatory uniform requirements for a specific control baseline. — A standard is the best fit because the team is asking for specific, mandatory settings that must be applied consistently to all laptops. Standards typically define required baselines such as encryption, password parameters, and timeout values. That makes them stronger and more precise than policy, while still being separate from step-by-step procedures. This distinction helps organizations enforce security uniformly and support audits. Why others are wrong: Policy is too high level for exact configuration values. Procedure describes how to perform a task, not the baseline itself. Guideline is the most flexible document type and does not normally create mandatory requirements. The scenario is asking for a technical baseline, which is exactly what a standard provides.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.