CompTIA Security+ · SY0-701

Objective 4.2: Explain the security implications of proper hardware, software, and data asset management

Practice questions for Security+ objective 4.2, Explain the security implications of proper hardware, software, and data asset management.” Every question is original, written to the SY0-701 exam objectives, and comes with a full explanation — answer them below to see instant grading.

This objective sits in Domain 4.0: Security Operations, which is about 28% of the exam — so mastering it moves your readiness score meaningfully.

1.Which data sanitization method is MOST appropriate when a company needs to reassign an internal hard drive to a different employee for continued use?

2.An organization's software asset management audit reveals that 34 workstations are running a version of a PDF reader application that reached end of life eight months ago. The vendor no longer releases security patches for this version, and three critical CVEs have been published against it since the EOL date with no available patches. The application cannot be upgraded due to a dependency on a legacy document format used by one department. Which combination of actions most accurately reflects the appropriate asset management and risk treatment response to this finding?

3.Which action during the decommissioning phase of an asset's lifecycle is SPECIFICALLY required to protect cryptographic keys stored on a hardware security module (HSM)?

4.A company assigns each asset to a specific owner who is responsible for authorising access and ensuring appropriate handling. Which principle does this BEST reflect?

5.An organization's IT asset management team conducts a reconciliation between the configuration management database (CMDB) and an active network scan. The scan discovers 47 IP addresses with active services that do not appear in the CMDB. Further investigation reveals that 12 are personally owned employee devices connected to the guest WiFi that has improper network isolation, 23 are IoT environmental sensors installed by facilities management without IT involvement, and 12 are virtual machines spun up by developers in a shadow cloud account not provisioned through IT. Which asset management concept describes the collective problem these three findings represent, and what control addresses the root cause most directly?

Practice every objective, adaptively

CertBench tracks your score on 4.2 and every other objective, then builds a daily plan that targets your weakest spots. Start with the free diagnostic.

Take the free diagnostic

More objectives in Domain 4.0

← All Security+ practice questions