- A
Authorization
Why wrong: Authorization determines what resources a user can access and what actions they are allowed to perform. While important, it does not prevent a user from denying that they performed an authorized action.
- B
Non-repudiation
Non-repudiation provides proof of the origin and integrity of data, ensuring that an individual cannot falsely deny having taken an action. The use of digital signatures and tamper-evident logs directly supports this goal.
- C
Authentication
Why wrong: Authentication verifies the identity of a user (e.g., via passwords or biometrics). Although necessary for accountability, it does not by itself prevent a user from later denying specific actions.
- D
Availability
Why wrong: Availability ensures that systems and data are accessible when needed. The described policy focuses on accountability and non-repudiation, not on uptime or resilience against denial-of-service.
Quick Answer
The answer is non-repudiation, the security goal that prevents denial of actions. This policy enforces non-repudiation by cryptographically binding each administrative action to a specific user through a unique digital signature, while the tamper-evident audit log stored in immutable replication ensures the record cannot be altered or deleted. On the Security+ SY0-701 exam, this scenario tests your ability to distinguish non-repudiation from related concepts like integrity or accountability—a common trap is confusing the tamper-proof log with integrity, but the core objective here is irrefutable proof of who did what. Remember that non-repudiation is about undeniable proof of origin and action, often achieved through digital signatures and immutable logs. A quick memory tip: think “non-repudiation = no denying your signature,” just like signing a legal document.
SY0-701 General Security Concepts Practice Question
This SY0-701 practice question tests your understanding of general security concepts. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A financial institution is implementing a new policy for all remote access to its payment processing system. The system will generate a unique digital signature for each administrative action, and all actions will be recorded in a tamper-evident audit log that is replicated to an immutable storage location. The primary objective of this policy is to ensure that administrators who perform sensitive operations cannot later deny having executed them. Which security goal is this policy primarily intended to enforce?
Clue words in this question
Noticing these words before you look at the options changes how you read each choice.
Clue:
"primary"Why it matters: Asks for the main purpose or function, not a secondary benefit. Eliminate answers that describe side-effects or partial functions.
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
Non-repudiation
The policy's use of unique digital signatures for each administrative action, combined with a tamper-evident audit log replicated to immutable storage, directly enforces non-repudiation. Non-repudiation ensures that an administrator cannot deny having performed a specific action because the digital signature cryptographically binds the action to the administrator's identity, and the immutable log prevents any subsequent alteration or deletion of the record. This is the primary security goal when the objective is to prevent denial of responsibility for sensitive operations.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✗
Authorization
Why it's wrong here
Authorization determines what resources a user can access and what actions they are allowed to perform. While important, it does not prevent a user from denying that they performed an authorized action.
- ✓
Non-repudiation
Why this is correct
Non-repudiation provides proof of the origin and integrity of data, ensuring that an individual cannot falsely deny having taken an action. The use of digital signatures and tamper-evident logs directly supports this goal.
Clue confirmation
The clue word "primary" in the question point toward this answer.
Related concept
Read the scenario before looking for a memorised answer.
- ✗
Authentication
Why it's wrong here
Authentication verifies the identity of a user (e.g., via passwords or biometrics). Although necessary for accountability, it does not by itself prevent a user from later denying specific actions.
- ✗
Availability
Why it's wrong here
Availability ensures that systems and data are accessible when needed. The described policy focuses on accountability and non-repudiation, not on uptime or resilience against denial-of-service.
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is that candidates often confuse authentication (proving identity at login) with non-repudiation (proving identity for a specific action after the fact), but the question's focus on digital signatures and tamper-evident logs clearly points to non-repudiation, not just authentication.
Detailed technical explanation
How to think about this question
Digital signatures are typically implemented using asymmetric cryptography (e.g., RSA or ECDSA) where the administrator's private key signs a hash of the action details, and the corresponding public key is used to verify the signature. The tamper-evident audit log often uses a hash chain (each entry includes the hash of the previous entry) or is written to a write-once-read-many (WORM) storage device, such as an immutable object store or a blockchain-based ledger, to ensure that even a compromised administrator cannot retroactively modify or delete records. In real-world scenarios, this is critical for compliance with regulations like SOX or PCI DSS, where audit trails must be forensically sound.
KKey Concepts to Remember
- Read the scenario before looking for a memorised answer.
- Find the constraint that changes the correct option.
- Eliminate answers that are true in general but not in this case.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A security analyst at a medium-sized enterprise encounters this scenario during an investigation or architecture review. The correct answer reflects best practice for the specific threat or control described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Security exam questions test whether you can match controls to threats in context — not just recall definitions.
What to study next
Got this wrong? Here's your next step.
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
- →
General Security Concepts — study guide chapter
Learn the concepts, then practise the questions
- →
General Security Concepts practice questions
Targeted practice on this topic area only
- →
All SY0-701 questions
1,152 questions across all exam domains
- →
Security+ SY0-701 study guide
Full concept coverage aligned to exam objectives
- →
SY0-701 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related SY0-701 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
General Security Concepts practice questions
Practise SY0-701 questions linked to General Security Concepts.
Threats, Vulnerabilities, and Mitigations practice questions
Practise SY0-701 questions linked to Threats, Vulnerabilities, and Mitigations.
Security Architecture practice questions
Practise SY0-701 questions linked to Security Architecture.
Security Operations practice questions
Practise SY0-701 questions linked to Security Operations.
Security Program Management and Oversight practice questions
Practise SY0-701 questions linked to Security Program Management and Oversight.
Security+ social engineering questions
Practise SY0-701 questions linked to Security+ social engineering questions.
Security+ cryptography practice questions
Practise SY0-701 questions linked to Security+ cryptography.
Security+ IAM questions
Practise SY0-701 questions linked to Security+ IAM questions.
Security+ risk management questions
Practise SY0-701 questions linked to Security+ risk management questions.
Security+ incident response questions
Practise SY0-701 questions linked to Security+ incident response questions.
Security+ malware questions
Practise SY0-701 questions linked to Security+ malware questions.
Security+ vulnerability management questions
Practise SY0-701 questions linked to Security+ vulnerability management questions.
Practice this exam
Start a free SY0-701 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this SY0-701 question test?
General Security Concepts — This question tests General Security Concepts — Read the scenario before looking for a memorised answer..
What is the correct answer to this question?
The correct answer is: Non-repudiation — The policy's use of unique digital signatures for each administrative action, combined with a tamper-evident audit log replicated to immutable storage, directly enforces non-repudiation. Non-repudiation ensures that an administrator cannot deny having performed a specific action because the digital signature cryptographically binds the action to the administrator's identity, and the immutable log prevents any subsequent alteration or deletion of the record. This is the primary security goal when the objective is to prevent denial of responsibility for sensitive operations.
What should I do if I get this SY0-701 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
Are there clue words in this question I should notice?
Yes — watch for: "primary". Asks for the main purpose or function, not a secondary benefit. Eliminate answers that describe side-effects or partial functions.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Last reviewed: Jun 11, 2026
This SY0-701 practice question is part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SY0-701 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.