This SY0-701 practice question tests your understanding of security operations. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Exhibit
Disaster recovery review for the customer billing platform
Current backup design:
- Full backup once per day at 23:00
- Backups stored on the same storage cluster as production VM snapshots
- Backup administrator account is shared by the operations team
- Restore test cadence: none in the last 12 months
- Current measured restore time from bare metal: 7 hours
Business recovery targets:
- RTO: 2 hours
- RPO: 15 minutes
Based on the exhibit, which improvement best aligns the current backup design with the stated recovery targets?
Clue words in this question
Noticing these words before you look at the options changes how you read each choice.
Clue: "best"
Why it matters: Signals that multiple options may be partially correct. Choose the option that most directly solves the exact problem described, not the one that sounds most complete.
A
Keep the same design but extend backup retention from 30 days to 90 days.
Why wrong: Longer retention supports archival needs, but it does not improve restore speed or reduce data loss between backups.
B
Switch to frequent incremental or snapshot backups stored in a separate, immutable location with routine restore tests.
The business needs a much smaller RPO and a faster RTO than the current design can deliver. More frequent backups reduce the amount of data lost, while a separate immutable repository improves resilience against ransomware and storage failures. Regular restore tests confirm that the chosen method actually meets the recovery objective in practice, not just on paper.
C
Share the backup administrator password in a team chat so any engineer can restore data during an outage.
Why wrong: Credential sharing weakens accountability and increases the chance of unauthorized changes. It does not improve the backup architecture itself.
D
Remove backup encryption so restores run faster during an emergency.
Why wrong: Removing encryption creates unnecessary data exposure and does not solve the main issue of backup frequency and repository isolation.
Correct answer & explanation
✓
Switch to frequent incremental or snapshot backups stored in a separate, immutable location with routine restore tests.
Option B is correct because the current backup design lacks off-site, immutable storage and routine restore testing, which are critical to meet recovery point and time objectives (RPO/RTO). Frequent incremental or snapshot backups in a separate, immutable location protect against ransomware and ensure data integrity, while routine restore tests verify that backups are actually recoverable when needed.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Clue confirmation
The clue word "best" in the question points toward this answer.
Common exam traps
Common exam trap: answer the scenario, not the keyword
CompTIA often tests the misconception that simply extending retention or making backups faster (e.g., removing encryption) improves recovery, when in reality the key gaps are off-site immutability and restore testing to ensure recoverability against ransomware and operational errors.
Detailed technical explanation
How to think about this question
Immutable backups are typically implemented using object lock (e.g., S3 Object Lock or Azure Blob Storage immutability) or write-once-read-many (WORM) media, preventing modification or deletion even by administrators. Routine restore tests should include full recovery simulations to validate both the backup data and the recovery procedures, often measured against the RTO. Incremental backups reduce storage and network load by only capturing changed blocks, but require a reliable chain of full and incremental backups to avoid corruption.
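The following added example (not part of the original page) checks a backup catalog against the exhibit's RPO and RTO: it walks each incremental's parent chain back to a full backup, measures the largest gap between restorable points, and compares restore-test durations to the RTO. The catalog format, field names, function names and sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta

RPO_TARGET = timedelta(minutes=15)  # from the exhibit
RTO_TARGET = timedelta(hours=2)     # from the exhibit

def restorable(catalog):
    """Ids of backups whose parent chain reaches a full backup."""
    by_id = {b["id"]: b for b in catalog}
    ok = set()
    for b in catalog:
        seen, cur = set(), b
        while cur is not None and cur["id"] not in seen:
            seen.add(cur["id"])
            if cur["type"] == "full":
                ok.add(b["id"])
                break
            cur = by_id.get(cur["parent"])  # None when a link is missing
    return ok

def worst_case_loss(catalog, start, end):
    """Largest gap between consecutive restorable points in [start, end]."""
    good = restorable(catalog)
    points = sorted(b["taken"] for b in catalog
                    if b["id"] in good and start <= b["taken"] <= end)
    edges = [start, *points, end]
    return max(later - earlier for earlier, later in zip(edges, edges[1:]))

def assess(catalog, start, end, restore_tests):
    """Findings for a catalog and a list of measured restore durations."""
    loss = worst_case_loss(catalog, start, end)
    findings = [f"RPO missed: up to {loss} of data loss"] if loss > RPO_TARGET else []
    if not restore_tests:
        findings.append("RTO unverified: no restore tests on record")
    elif max(restore_tests) > RTO_TARGET:
        findings.append(f"RTO missed: slowest restore took {max(restore_tests)}")
    return findings

# Constructed sample data (dates and ids are illustrative).
T0, T1 = datetime(2024, 1, 1, 23, 0), datetime(2024, 1, 2, 23, 0)
full = {"id": "F0", "type": "full", "parent": None, "taken": T0}
DAILY_FULL = [full, {"id": "F1", "type": "full", "parent": None, "taken": T1}]
INCREMENTAL = [full] + [
    {"id": f"i{k}", "type": "incr", "parent": "F0" if k == 1 else f"i{k-1}",
     "taken": T0 + timedelta(minutes=15 * k)} for k in range(1, 97)]
BROKEN_CHAIN = [b for b in INCREMENTAL if b["id"] != "i10"]  # one link lost

if __name__ == "__main__":
    print(assess(DAILY_FULL, T0, T1, [timedelta(hours=7)]))
    print(worst_case_loss(BROKEN_CHAIN, T0, T1))
```

With one incremental missing, every later incremental becomes unrestorable and the worst-case loss jumps from 15 minutes to 21 hours 45 minutes, which is why chain integrity has to be part of the routine restore test.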
Key Concepts to Remember
- Read the scenario before looking for a memorised answer.
- Find the constraint that changes the correct option.
- Eliminate answers that are true in general but not in this case.
Exam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Real-world example
How this comes up in practice
A developer is choosing between AES-256 (symmetric) and RSA-2048 (asymmetric) for encrypting a large file that will be sent to a partner. Symmetric encryption is fast but requires key exchange; asymmetric is slower but solves the key distribution problem. A hybrid approach — encrypt the file with AES, encrypt the AES key with RSA — is standard. Questions like this test whether you understand when each approach applies.
What should I do if I get this SY0-701 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.