SY0-701 domain - 28% of the exam

Security Operations

Security Operations is 28% of the CompTIA Security+ (SY0-701) exam. These are the objectives it covers, each with practice questions and worked explanations.

Objectives in this domain

Sample question from this domain

Free sample | Security Operations | easy

A logistics company is retiring forty laptops that previously held delivery manifests and payroll files. The IT manager wants the drives processed so that the data cannot be recovered even by a forensic lab, but the chassis themselves will be donated to a local charity in working order. Which disposal action best meets both requirements?

  • A. Run a quick format from the operating system installer on each laptop before handing the units over to the charity.
  • B. Perform a vendor-certified cryptographic erase or multi-pass overwrite of each drive, then verify and document the sanitisation before donation. (Correct)
  • C. Physically shred each drive in an approved media destruction bin and pass the laptops on with the empty drive bays.
  • D. Delete the user profiles, empty the recycle bin, and rely on full disk encryption being enabled at the time of donation.

Recognise that secure disposal must destroy data on storage media while matching the reuse plan for the surrounding hardware.

Secure disposal balances data sanitisation with the future use of the device. Cryptographic erase and verified multi-pass overwrite are recognised sanitisation methods that render data non-recoverable while preserving the drive and chassis for reuse or donation, and the resulting certificate provides documented evidence for the asset record.

Why A is wrong: A quick format only rewrites filesystem metadata and leaves the underlying sectors intact, so commodity recovery tools can restore the manifests and payroll files. It is tempting because it appears to wipe the disk, but it does not satisfy the forensic non-recoverability requirement.

Why B is correct: A certified cryptographic erase or NIST-aligned multi-pass overwrite destroys the readable contents of the drive while leaving the hardware usable, and the verified certificate of sanitisation supports an auditable chain of custody. This satisfies both the non-recoverability and the working-order requirements.

Why C is wrong: Shredding does destroy the data beyond forensic recovery, but it also removes the storage that makes the laptops functional, so the charity would receive incomplete units. The requirement is to keep the chassis in working order, which this approach breaks.

Why D is wrong: Deleting profiles and emptying the recycle bin leaves the underlying data blocks recoverable, and an unrevoked encryption key on a donated machine still permits decryption by the recipient. Candidates may pick this because encryption sounds protective, but without key destruction it does not sanitise the drive.


Examworthy is not affiliated with or endorsed by CompTIA. Original, blueprint-aligned practice material only.