CompTIA DS0-001 CompTIA DataSys+ Certification Exam Exam Practice Test

The correct answers are C. Entity Framework and E. Hibernate. CompTIA DataSys+ defines Object-Relational Mapping (ORM) tools as software frameworks that allow developers to interact with relational databases using object-oriented programming concepts instead of writing raw SQL queries. ORM tools map database tables to application objects, rows to object instances, and columns to object attributes, simplifying database access and improving developer productivity.

Entity Framework is a widely used ORM tool in the Microsoft ecosystem, commonly paired with .NET applications. It enables developers to define data models in code and allows the framework to automatically generate SQL queries, manage relationships, and handle CRUD (Create, Read, Update, Delete) operations. DataSys+ highlights ORM tools like Entity Framework as a way to reduce repetitive SQL coding while maintaining consistency and abstraction between application logic and the database layer.

Hibernate is a popular ORM framework used primarily in Java-based applications. Similar to Entity Framework, Hibernate manages database interactions by mapping Java objects to relational database structures. It handles SQL generation, transaction management, and caching, making it a core example of an ORM solution referenced in DataSys+ learning objectives.

Option A, PL/SQL, and option D, T-SQL, are procedural SQL languages, not ORM tools. They are used to write stored procedures, functions, and scripts that execute directly within the database. Option B, XML, is a data format used for data representation and exchange, not for object-relational mapping. Option F, PHP, is a general-purpose programming language that can use ORM tools but is not itself an ORM framework.

CompTIA DataSys+ emphasizes understanding the distinction between database languages, programming languages, and abstraction frameworks like ORMs. Entity Framework and Hibernate clearly fit the definition of ORM tools by bridging object-oriented applications and relational databases.

Therefore, the correct and fully verified answers are C and E.

The index that the developer should use to prevent duplicate values from being inserted is unique. A unique index is a type of index that enforces the uniqueness of the values in one or more columns of a table. A unique index ensures that no two rows in the table have the same value or combination of values in the indexed columns. A unique index helps to maintain data integrity and avoid data duplication or inconsistency. The other options are either not related or not effective for this purpose. For example, a single column index is a type of index that involves only one column of a table, but it does not prevent duplicate values unless it is also unique; an implicit index is a type of index that is automatically created by the database system when a constraint or a primary key is defined on a column or columns of a table, but it does not prevent duplicate values unless it is also unique; a composite index is a type of index that involves two or more columns of a table, but it does not prevent duplicate values unless it is also unique. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.2 Given a scenario, execute database tasks using scripting and programming languages.

The resource that is the best way to lock rows in SQL Server is RID. RID, or Row IDentifier, is an attribute that uniquely identifies each row in a heap table in SQL Server. A heap table is a table that does not have a clustered index, which means that the rows are not stored in any particular order. A RID consists of the file number, page number, and slot number of the row in the database. A RID can be used to lock rows in SQL Server to prevent concurrent access or modification by other transactions or users. A RID lock is a type of lock that locks a single row using its RID. A RID lock can be applied using the HOLDLOCK or XLOCK hints in a SELECT statement. The other options are either not related or not effective for this purpose. For example, TID, or Transaction IDentifier, is an attribute that uniquely identifies each transaction in a database; SID, or Security IDentifier, is an attribute that uniquely identifies each user or group in a Windows system; PID, or Process IDentifier, is an attribute that uniquely identifies each process in an operating system. References: CompTIA DataSys+ Course Outline, Domain 3.0 Database Management and Maintenance, Objective 3.3 Given a scenario, implement database concurrency methods.

The most likely cause of the issue is that the SQL Server ports to the main machine are closed. SQL Server uses TCP/IP ports to communicate with clients and other servers. If these ports are blocked by a firewall or other network device, the connection will fail. The administrator should check the port configuration on both the server and the user’s workstation, and make sure that they are open and match the expected values. The other options are either unlikely or unrelated to the issue. For example, the SQL Server codes performing badly or having many concurrent users may affect the performance or availability of the server, but not prevent the connection entirely; the SQL Server not being tested properly may cause errors or bugs in the functionality or security of the server, but not affect the connection unless there is a configuration problem. References: CompTIA DataSys+ Course Outline, Domain 2.0 Database Deployment, Objective 2.3 Given a scenario, troubleshoot common database deployment issues.

 The category of SQL commands that is required to revoke access to database objects is DCL. DCL, or Data Control Language, is a subset of SQL commands that are used to control or manage the access or permissions of users or roles on a database. DCL includes commands such as GRANT and REVOKE. GRANT is a DCL command that is used to grant privileges or roles to users or roles on specific objects in a database, such as tables, views, procedures, etc. REVOKE is a DCL command that is used to revoke privileges or roles from users or roles on specific objects in a database. For example, the following statement uses the REVOKE command to revoke the SELECT privilege from user Alice on table employee:

REVOKE SELECT ON employee FROM Alice;

The other options are either different categories of SQL commands or not related to SQL commands at all. For example, IDDL is not a valid acronym or category of SQL commands; IDML is not a valid acronym or category of SQL commands; TCL, or Transaction Control Language, is a subset of SQL commands that are used to control or manage transactions on a database, such as committing or rolling back changes. References: CompTIA DataSys+ Course Outline, Domain 4.0 Data and Database Security, Objective 4.2 Given a scenario, implement security controls for databases.

The attack in which an attacker hopes to profit from locking the database software is ransomware. Ransomware is a type of malware that encrypts the data or files on a system or network and demands a ransom from the victim to restore them. Ransomware can target database software and lock its access or functionality until the victim pays the ransom, usually in cryptocurrency. Ransomware can cause serious damage and loss to the victim, as well as expose them to further risks or threats. Ransomware can be delivered through various methods, such as phishing emails, malicious attachments, compromised websites, etc. The other options are either different types of attacks or not related to locking database software at all. For example, spear phishing is a type of phishing attack that targets a specific individual or organization with personalized or customized emails; SQL injection is a type of attack that inserts malicious SQL statements into an input field or parameter of a web application to manipulate or compromise the underlying database; on-path is a type of attack that intercepts and modifies the data in transit between two parties on a network. References: CompTIA DataSys+ Course Outline, Domain 4.0 Data and Database Security, Objective 4.4 Given a scenario, identify common types of attacks against databases

The correct answer is D. It allows connections to databases through scripts. CompTIA DataSys+ documentation describes PowerShell as a powerful automation and scripting language primarily used in Windows-based environments to manage systems, applications, and databases. In a database context, PowerShell enables administrators to automate repetitive tasks, execute administrative commands, and interact with databases programmatically through scripted workflows.

PowerShell is commonly used by database administrators to perform tasks such as running scheduled queries, managing database services, monitoring performance metrics, automating backups and restores, and handling user or permission management. Its strength lies in scripting and orchestration rather than providing a specific database connectivity protocol. Through scripts, PowerShell can leverage database providers, command-line utilities, or modules to connect to and manage database systems efficiently.

Option A is incorrect because Python database connectivity is handled through Python libraries and drivers, not PowerShell. Option B is also incorrect because PowerShell is not designed to enable Linux systems to connect to databases; while PowerShell Core is cross-platform, its function is still automation and scripting, not system-level database connectivity. Option C is misleading because ODBC is a database connectivity standard that can be used by many tools and languages, but PowerShell itself is not defined by its use of ODBC. While PowerShell scripts can invoke ODBC connections, that is not its primary or defining function.

CompTIA DataSys+ emphasizes the role of automation tools in database operations. PowerShell fits squarely into this category by enabling DBAs to create repeatable, auditable, and scalable scripts that interact with databases and supporting infrastructure. Its use improves operational efficiency, reduces manual errors, and supports consistent database administration practices.

Therefore, the best and most accurate description of PowerShell’s function in a database environment is allowing connections and management operations through scripts, making D the correct answer.

The document that the administrator should create to illustrate the interaction between tables is an entity relationship diagram. An entity relationship diagram (ERD) is a graphical representation of the entities (tables), attributes (columns), and relationships (constraints) in a database. An ERD helps the administrator to visualize the structure and design of the database, as well as the dependencies and associations among the tables. The other options are either different types of documents or not related to the interaction between tables. For example, a troubleshooting guide is a document that provides instructions on how to solve common problems or errors in a database; a data dictionary is a document that describes the metadata (information about data) of a database; a database reference manual is a document that provides information on how to use or operate a database. References: CompTIA DataSys+ Course Outline, Domain 2.0 Database Deployment, Objective 2.2 Given a scenario, create database objects using scripting and programming languages.

The correct answer is C. Checking for database prerequisites. According to CompTIA DataSys+ objectives, verifying prerequisites is a critical preparatory step before installing a new database instance. Database prerequisites refer to the minimum and recommended requirements that must be met to ensure a successful installation and stable operation of the database system.

This process typically includes validating disk space availability, CPU capacity, memory (RAM), and network resources, as well as confirming operating system compatibility, required libraries, kernel parameters, and supporting services. DataSys+ emphasizes that failure to meet prerequisites can lead to installation errors, poor performance, instability, or security vulnerabilities after deployment. Therefore, DBAs are expected to thoroughly assess the environment before proceeding with installation.

Option A, performing patch management, refers to applying updates and fixes to existing systems to address bugs or security issues. This occurs after software is installed and operational, not before a new database instance is deployed. Option B, upgrading the database instance, involves moving from one version of a database to another and assumes an existing installation is already in place. Option D, provisioning the configuration, focuses on allocating and configuring resources (such as creating instances, users, or storage structures) after prerequisites have been validated.

CompTIA DataSys+ clearly separates environment validation from deployment and configuration activities. Checking prerequisites is a risk-reduction step that ensures the infrastructure can support the database workload and performance expectations from the start. It also supports capacity planning, compliance, and long-term maintainability.

Therefore, the process of verifying space, hardware, and network resources before installing a database instance is best described as checking for database prerequisites, making option C the correct and fully verified answer.

The option that is part of logical database infrastructure security is perimeter network. Perimeter network, also known as DMZ (Demilitarized Zone), is a network segment that lies between an internal network and an external network, such as the internet. Perimeter network provides an additional layer of security for the internal network by isolating and protecting the servers or services that are exposed to the external network, such as web servers, email servers, database servers, etc. Perimeter network also helps prevent unauthorized access or attacks from the external network to the internal network by using firewalls, routers, proxies, etc. The other options are either part of physical database infrastructure security or not related to database infrastructure security at all. For example, surveillance is a method of monitoring and recording physical activities or events in a location or resource; biometric access is a device that uses biological characteristics to control access to a physical location or resource; cooling system is a device or system that regulates the temperature and humidity of a location or resource. References: CompTIA DataSys+ Course Outline, Domain 4.0 Data and Database Security, Objective 4.1 Given a scenario, implement database infrastructure security.

The best option for the database administrator to use to update an organization’s ERD is a UML tool. A UML tool is a software application that allows users to create, edit, and visualize diagrams using the Unified Modeling Language (UML). UML is a standard language for modeling software systems and their components, such as classes, objects, relationships, behaviors, etc. UML can also be used to create entity relationship diagrams (ERDs), which are graphical representations of the entities (tables), attributes (columns), and relationships (constraints) in a database. A UML tool can help the administrator to update an organization’s ERD by providing features such as drag-and-drop, templates, symbols, validation, etc. The other options are either not suitable or not optimal for this task. For example, a word processor is a software application that allows users to create and edit text documents; a spreadsheet is a software application that allows users to organize and manipulate data in rows and columns; an HTML editor is a software application that allows users to create and edit web pages using HyperText Markup Language (HTML). References: CompTIA DataSys+ Course Outline, Domain 2.0 Database Deployment, Objective 2.2 Given a scenario, create database objects using scripting and programming languages.

The correct answer is A. Implement a virtual private network (VPN). CompTIA DataSys+ emphasizes secure remote access as a critical requirement for modern database environments, especially when users need to connect from untrusted networks such as home internet connections. A VPN provides a secure, encrypted tunnel between the user’s device and the organization’s internal network, allowing remote users to access database resources as if they were physically on-site.

By using strong encryption and authentication mechanisms, a VPN ensures that data transmitted over public networks cannot be intercepted, read, or altered by unauthorized parties. DataSys+ highlights VPNs as a best practice for protecting data-in-transit and preventing exposure of sensitive database services directly to the internet. VPNs also allow administrators to enforce centralized access controls, logging, and monitoring, further strengthening security.

Option B, implementing strong password policies, is an important security measure but does not by itself enable secure remote connectivity. Password policies address authentication strength, not secure network transport. Option C, configuring and deploying a firewall, is essential for controlling traffic flow, but a firewall alone does not provide secure remote access for home users. It typically blocks or allows connections rather than securely tunneling them. Option D, implementing a perimeter network (DMZ), is designed to host internet-facing services while isolating internal systems. Exposing databases through a perimeter network increases risk and is not recommended for direct user access to internal data.

CompTIA DataSys+ stresses the principle of minimizing attack surface. A VPN supports this principle by avoiding direct exposure of database services while still enabling authorized remote access. It also integrates well with multifactor authentication and identity management systems.

Therefore, the most secure and appropriate method to enable remote access without compromising stored data is to implement a virtual private network, making option A the correct and fully verified answer.

The practice that best describes this request is access control. Access control is a process that regulates who can access what data in a system based on predefined rules or policies. Access control helps protect data from unauthorized or inappropriate access or modification by granting or denying permissions or privileges to users or groups based on their roles or identities. By applying access control, the database administrator can assign a user the ability to view a data set without allowing them to change or delete it. The other options are either different practices or not related to this request. For example, security audit is a process that evaluates the security level of a system by identifying vulnerabilities or risks; database audit is a process that monitors and records the activities or events that occur on a database; password policy implementation is a process that defines and enforces rules or standards for creating and managing passwords. References: CompTIA DataSys+ Course Outline, Domain 4.0 Data and Database Security, Objective 4.2 Given a scenario, implement security controls for databases.

The first thing that the database administrator should examine to troubleshoot the issue is the event log. The event log is a file that records the events and activities that occur on a system, such as database backups, errors, warnings, or failures. By examining the event log, the administrator can identify the cause and time of the backup failure, and also check for any other issues or anomalies that may affect the backup process or the backup quality. The other options are either not relevant or not the first priority for this task. For example, CPU usage, disk space, and OS performance may affect the performance or availability of the system, but not necessarily cause the backup failure; moreover, these factors can be checked after reviewing the event log for more information. References: CompTIA DataSys+ Course Outline, Domain 5.0 Business Continuity, Objective 5.2 Given a scenario, implement backup and restoration of database management systems.

The best action for the administrator to take is to create a view. A view is a virtual table that shows a subset of data from one or more tables. The administrator can use a view to provide access to data from two different tables to multiple group users without exposing the restricted columns. The view can also simplify the queries and improve the performance of the reporting process. The other options are either not suitable for this scenario or do not address the requirement of hiding some columns from users. For example, creating a stored procedure would require additional coding and execution, creating a csv export would create a static file that may not reflect the latest data changes, and creating a trigger would perform an action in response to an event rather than provide access to data. References: CompTIA DataSys+ Course Outline, Domain 2.0 Database Deployment, Objective 2.2 Given a scenario, create database objects using scripting and programming languages.

The correct answer is D. Password policies. CompTIA DataSys+ emphasizes that password policies are a core component of authentication and security controls within database systems and enterprise environments. When new users are required to change their credentials for the first time, the system typically enforces predefined password rules. If the new credentials do not meet these rules, the system will reject them automatically.

Password policies define specific requirements such as minimum password length, complexity (use of uppercase letters, lowercase letters, numbers, and special characters), password history, expiration intervals, and restrictions against using previously compromised or common passwords. In many environments, first-time password changes are subject to the strictest enforcement of these rules to ensure strong baseline security from the start of a user’s lifecycle.

Option A, identity management, focuses on the creation, provisioning, and lifecycle management of user identities across systems. While identity management systems initiate the credential change process, they do not usually enforce the detailed rules that cause a password to be rejected. Option B, access controls, govern what resources a user can access after authentication, not whether a password itself is valid. Option C, service accounts, are non-interactive accounts used by applications or services and are unrelated to new end-user credential changes.

DataSys+ documentation highlights that authentication failures during credential updates are most commonly tied to policy enforcement, not permissions or account type. This includes scenarios where users unknowingly violate complexity rules or reuse default or temporary passwords that are explicitly disallowed.

Therefore, the rejection of new credentials during a first-time password change is best explained by password policies, making option D the most accurate and verified answer according to CompTIA DataSys+ principles.

The correct answers are A. CPU usage and B. Memory usage. According to CompTIA DataSys+ objectives, monitoring server health is a foundational responsibility of a database administrator (DBA), and it primarily focuses on core system resources that directly impact database performance, stability, and availability. CPU and memory are the two most critical indicators of overall server health in database environments.

CPU usage reflects how much processing power is being consumed by database queries, background jobs, indexing operations, and concurrent user activity. High or sustained CPU utilization can indicate inefficient queries, missing indexes, blocking processes, or workload spikes. DataSys+ emphasizes CPU monitoring as essential for identifying performance bottlenecks and ensuring the database server can handle current and future workloads.

Memory usage is equally important because databases rely heavily on memory for caching data, query execution plans, and buffering disk I/O. Insufficient available memory can cause excessive disk reads, slower query performance, and system thrashing. DataSys+ materials highlight memory monitoring as a key metric for tuning database configurations and maintaining consistent performance.

Option C, transaction logs, are important for recovery, auditing, and troubleshooting but do not directly indicate overall server health; they reflect database activity rather than system resource status. Option D, network sniffers, are security and diagnostics tools used by network administrators, not standard DBA health metrics. Option E, domain controllers, relate to authentication infrastructure and fall outside the scope of database server health monitoring. Option F, firewall traffic, is relevant to network security monitoring, not internal server performance.

CompTIA DataSys+ clearly differentiates system health metrics (CPU, memory, disk I/O) from security and infrastructure components. For gauging server health effectively, CPU and memory usage provide the most direct, actionable insight. Therefore, A and B are the verified and correct answers.

The correct answer is C. An exact match is not possible in a SELECT statement. CompTIA DataSys+ documentation explains that wildcards are used in SQL primarily within the WHERE clause of a SELECT statement to enable pattern matching rather than exact value matching. Wildcards such as % and _ are commonly used with the LIKE operator to search for partial strings or variable patterns in character-based data.

In practical database usage, wildcards allow analysts and administrators to retrieve records when the full or exact value is unknown or unnecessary. For example, searching for all patient records with last names starting with “Mac%” or all email addresses ending in “@example.com” requires pattern-based matching. In these cases, an exact match is explicitly not required, which is the core purpose of wildcards in SQL queries.

Option A and D incorrectly reference the CREATE statement. Wildcards are not relevant to CREATE statements, which are used for defining database objects such as tables, indexes, or views. These statements require explicit definitions and do not support wildcard-based matching logic. Option B is also incorrect because a SELECT statement does not always require an exact match; this is precisely why wildcards exist and are heavily used in querying operations.

CompTIA DataSys+ emphasizes that understanding query flexibility is essential for data retrieval and reporting. Wildcards enhance query usability and efficiency by allowing broader result sets without complex logic or multiple conditions. They are particularly valuable in analytical, reporting, and troubleshooting scenarios where partial data exploration is required.

Therefore, the best description of the function of a wildcard in the WHERE clause is that it allows queries where an exact match is not required, making option C the correct and fully aligned answer according to CompTIA DataSys+ principles.

The option that best describes a collection of data that shares the same properties or attributes is entity set. An entity set is a term used in the entity-relationship (ER) model, which is a conceptual model for designing and representing databases. An entity set is a collection of entities that have the same type or characteristics, such as students, courses, products, etc. An entity is an object or thing that can be identified and distinguished from others, such as a specific student, course, product, etc. An entity set can have one or more attributes that describe the properties or features of the entities, such as name, age, price, etc. An entity set can also have one or more relationships with other entity sets that define how the entities are associated or connected, such as enrolled, taught by, purchased by, etc. The other options are either different terms or not related to the ER model at all. For example, relation set is a term used in the relational model, which is a logical model for implementing and manipulating databases; ER model is a term used to refer to the entity-relationship model itself; tuples are rows or records in a table or relation. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.1 Given a scenario, identify common database types.

The correct answer is C. SQL injection. According to CompTIA DataSys+ objectives, web-based input mechanisms such as contact forms and online surveys represent a significant attack surface for databases if they are not properly secured. These forms commonly accept user-supplied input that is later processed by backend database queries. If input validation and parameterized queries are not correctly implemented, attackers can exploit this by injecting malicious SQL code into form fields.

SQL injection attacks allow an attacker to manipulate database queries executed by the application. This can result in unauthorized access to sensitive data, data modification, data deletion, or even full database compromise. In a healthcare environment, this risk is especially critical because patient data is highly sensitive and often protected by regulatory requirements. DataSys+ highlights SQL injection as one of the most common and dangerous database-focused attacks due to its direct impact on data confidentiality, integrity, and availability.

Option A, Denial of Service (DoS), primarily affects system availability by overwhelming resources, but it does not directly target data stored within the database. Option B, ransomware, typically requires malware execution on servers or endpoints and is not specifically tied to web form input mechanisms. Option D, brute-force attacks, focus on repeatedly guessing authentication credentials and are more closely associated with login systems rather than data entry forms or surveys.

CompTIA DataSys+ materials emphasize that databases connected to web applications must use strong input validation, stored procedures, prepared statements, and least-privilege database accounts to mitigate SQL injection risks. Because contact forms and surveys directly interact with database queries and rely on untrusted user input, SQL injection represents the most direct and realistic threat in this scenario.

Therefore, SQL injection is the attack type to which the company’s data is most vulnerable, making option C the verified and correct answer.

The correct answer is D. Envelope encryption. CompTIA DataSys+ describes envelope encryption as a key management and data protection method that combines the efficiency of symmetric encryption with the security and manageability of hierarchical key structures. In this approach, data is first encrypted using a data encryption key (DEK), and then the DEK itself is encrypted (or “wrapped”) using a key encryption key (KEK), often referred to as a managed root key.

Envelope encryption is widely used in enterprise database systems and cloud platforms because it provides strong security while simplifying key rotation and management. Encrypting large volumes of data directly with a root or master key would be inefficient and risky. Instead, DataSys+ explains that symmetric DEKs are used for fast data encryption, while the root key is used only to protect the DEKs. If a root key must be rotated or compromised, only the wrapped DEKs need to be re-encrypted—not the underlying data.

Option A, asymmetric encryption, uses public and private key pairs but is computationally expensive and not typically used to encrypt large datasets directly. Option B, DEK-based encryption, is incomplete because it describes only the use of data encryption keys and does not account for the additional wrapping layer that defines envelope encryption. Option C, symmetric encryption, correctly describes how data is encrypted but does not include the managed key hierarchy required by the question.

CompTIA DataSys+ emphasizes envelope encryption as a best practice for data-at-rest protection, particularly in environments that require compliance, auditing, and centralized key management. It is commonly implemented using hardware security modules (HSMs) or cloud key management services.

Therefore, the method where data is encrypted with a DEK and then wrapped with a managed root key is envelope encryption, making option D the correct and fully verified answer.

The constraint that is used to enforce referential integrity is foreign key. A foreign key is a column or a set of columns in a table that references the primary key of another table. A primary key is a column or a set of columns in a table that uniquely identifies each row in the table. Referential integrity is a rule that ensures that the values in the foreign key column match the values in the primary key column of the referenced table. Referential integrity helps maintain the consistency and accuracy of the data across related tables. The other options are either different types of constraints or not related to referential integrity at all. For example, a surrogate key is a column that is artificially generated to serve as a primary key, such as an auto-increment number or a GUID (Globally Unique Identifier); a unique key is a column or a set of columns in a table that uniquely identifies each row in the table, but it can have null values unlike a primary key; there is no such constraint as TID. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.2 Given a scenario, execute database tasks using scripting and programming languages.

The database structure that is a type of NoSQL database is key-value stores. Key-value stores are databases that store and manage data as pairs of keys and values. Keys are unique identifiers that locate data in the database; values are arbitrary data that can be any type or format. Key-value stores do not use any schema or structure to organize data, but rather use hash tables or indexes to enable fast and simple access to data based on keys. Key-value stores are suitable for storing large amounts of simple or unstructured data that do not require complex queries or relationships. The other options are either different types of databases or not related to database structures at all. For example, hierarchical databases are databases that store and manage data as nodes in a tree-like structure; cloud databases are databases that are hosted and accessed over the internet using cloud computing services; object-oriented databases are databases that store and manage data as objects that have attributes and methods. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.1 Given a scenario, identify common database types.

The option that is used to hide data in a database so the data can only be read by a user who has a key is data encryption. Data encryption is a process that transforms data into an unreadable or scrambled form using an algorithm and a key. Data encryption helps protect data from unauthorized access or modification by third parties, such as hackers, eavesdroppers, or interceptors. Data encryption also helps verify the identity and authenticity of the source and destination of the data using digital signatures or certificates. Data encryption can be applied to data at rest (stored in a database) or data in transit (transmitted over a network). To read encrypted data, a user needs to have the corresponding key to decrypt or restore the data to its original form. The other options are either different concepts or not related to hiding data at all. For example, data security is a broad term that encompasses various methods and techniques to protect data from threats or risks; data masking is a technique that replaces sensitive data with fictitious but realistic data to protect its confidentiality or compliance; data protection is a term that refers to the legal or ethical obligations to safeguard personal or sensitive data from misuse or harm. References: CompTIA DataSys+ Course Outline, Domain 4.0 Data and Database Security, Objective 4.2 Given a scenario, implement security controls for databases.

The correct answer is B. Brute-force. CompTIA DataSys+ identifies brute-force attacks as a common authentication-based threat in database and system environments. A brute-force attack involves repeatedly attempting to authenticate to an account by systematically trying different credentials or repeatedly targeting known or default accounts in hopes that one attempt will succeed. The presence of multiple ongoing connection attempts in logs is a key indicator of this attack type.

In this scenario, the attacker is attempting to connect using a default account, even though it has been disabled. Default accounts are well-known targets because attackers are often aware of their usernames and may assume weak or unchanged credentials. DataSys+ emphasizes that attackers frequently attempt brute-force or password-spraying attacks against default or administrative accounts, especially when exposed services are accessible over the network. Even if the account is disabled, repeated attempts still generate log entries and clearly signal brute-force behavior.

Option A, malware, typically involves malicious software executing on a system and does not primarily manifest as repeated login attempts in authentication logs. Option C, on-path (man-in-the-middle) attacks, involve intercepting or altering network traffic between two parties and would not appear as repeated failed authentication attempts from a single source. Option D, SQL injection, targets application input fields and database queries, not authentication mechanisms tied to account logins.

CompTIA DataSys+ stresses the importance of monitoring logs for failed authentication attempts as part of intrusion detection and security auditing. It also highlights defensive controls such as account lockout policies, disabling default accounts, strong authentication mechanisms, and intrusion detection systems to mitigate brute-force attacks.

Because the defining characteristic in the scenario is repeated connection attempts against an account, the activity is best classified as a brute-force attack, making option B the correct and fully verified answer.

The statement that the administrator should use to remove inactive customers from a database is option A. This statement uses the DELETE command to delete all the rows from the customer table where the status column is equal to 'inactive'. The other options either have syntax errors, use incorrect commands, or do not specify the condition correctly. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.2 Given a scenario, execute database tasks using scripting and programming languages.

The option that sets the age requirement for data that should be recovered after a major disaster is RPO. RPO, or Recovery Point Objective, is a metric that defines the maximum amount of data that can be lost or acceptable data loss in the event of a disaster or disruption. RPO indicates how frequently the data should be backed up or replicated to minimize the risk of data loss. RPO also sets the age requirement for data that should be recovered after a major disaster, as it determines how far back in time the recovery process should go. For example, if the RPO is one hour, then the data should be backed up or replicated every hour, and the recovery process should restore the data to the state it was in one hour before the disaster. The other options are either different metrics or not related to data recovery at all. For example, MTBF, or Mean Time Between Failures, is a metric that measures the average time that a system or component operates without failure; RTO, or Recovery Time Objective, is a metric that defines the maximum amount of time that can be taken to restore a system or service after a disaster or disruption; MTTF, or Mean Time To Failure, is a metric that measures the average time that a system or component operates until it fails. References: CompTIA DataSys+ Course Outline, Domain 5.0 Business Continuity, Objective 5.3 Given a scenario, implement backup and restoration of data.

The option that is recommended in order to provide encrypted data communication pathways for information as it is transmitted over a network is TLS. TLS, or Transport Layer Security, is a protocol that provides secure communication over the internet by encrypting the data using cryptographic algorithms and keys. TLS also provides authentication and integrity by verifying the identity of the parties involved and ensuring that the data has not been altered or tampered with. TLS can be used to protect various types of data, such as web traffic, email, instant messaging, voice over IP, etc. The other options are either not related or not sufficient for this purpose. For example, TCP/IP, or Transmission Control Protocol/Internet Protocol, is a set of protocols that defines how data is transmitted and routed over the internet, but does not provide encryption or security; NFS, or Network File System, is a protocol that allows users to access and share files over a network, but does not provide encryption or security; SMB, or Server Message Block, is a protocol that allows users to access and share files, printers, and other resources over a network, but does not provide encryption or security. References: CompTIA DataSys+ Course Outline, Domain 4.0 Data and Database Security, Objective 4.2 Given a scenario, implement security controls for databases.

The query that the administrator should use to create the table is option B. This query uses the CREATE TABLE statement to define a new table named XYZ with three columns: ID, Name, and Age. Each column has a data type and a constraint, such as NOT NULL, PRIMARY KEY, or CHECK. The other options either have syntax errors, use incorrect keywords, or do not specify the table name or columns correctly. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.1 Given a scenario, identify and apply database structure types.

The property that addresses this concern is durability. Durability is one of the four properties (ACID) that ensure reliable transactions in a database system. Durability means that once a transaction has been committed, its effects are permanent and will not be lost in case of system failure, power outage, crash, etc. Durability can be achieved by using techniques such as write-ahead logging, checkpoints, backup and recovery, etc. The other options are either not related or not specific to this concern. For example, isolation means that concurrent transactions do not interfere with each other and produce consistent results; atomicity means that a transaction is either executed as a whole or not at all; consistency means that a transaction preserves the validity and integrity of the data. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.3 Given a scenario, identify common database issues.

The tool that is used for natively running a Linux system in Windows is WSL. WSL, or Windows Subsystem for Linux, is a feature that allows users to run a Linux system natively on Windows 10 or Windows Server. WSL enables users to install and use various Linux distributions, such as Ubuntu, Debian, Fedora, etc., and run Linux commands, tools, applications, etc., without requiring a virtual machine or a dual-boot setup. WSL also provides users with interoperability and integration between Linux and Windows, such as file system access, network communication, process management, etc. WSL is useful for users who want to use Linux features or functionalities on Windows, such as development, testing, scripting, etc. The other options are either different tools or not related to running a Linux system in Windows at all. For example, Remote Desktop Protocol (RDP) is a protocol that allows users to remotely access and control another computer or device over a network; SSH, or Secure Shell, is a protocol that allows users to securely connect and communicate with another computer or device over a network; Telnet is a protocol that allows users to interact with another computer or device over a network using a text-based interface. References: CompTIA DataSys+ Course Outline, Domain 2.0 Database Deployment, Objective 2.2 Given a scenario, create database objects using scripting and programming languages.

 The action that the administrator should take is to review the server logs for entries. Server logs are files that record the events and activities that occur on a server, such as database backups, errors, warnings, or failures. By reviewing the server logs, the administrator can verify that the database backups are occurring on a daily basis and at scheduled times, and also identify any issues or anomalies that may affect the backup process or the backup quality. The other options are either not relevant or not sufficient for this task. For example, querying the database to observe entries may not show the backup status or frequency, checking the database schema may not reflect the backup schedule or policy, and reviewing the backup media may not indicate the backup time or duration. References: CompTIA DataSys+ Course Outline, Domain 5.0 Business Continuity, Objective 5.2 Given a scenario, implement backup and restoration of database management systems.

The computer service that associates IP network addresses with text-based names in order to facilitate identification and connectivity is IDNS. IDNS, or Internet Domain Name System (DNS), is a service that translates domain names into IP addresses and vice versa. Domain names are human-readable names that identify websites or devices on the internet, such as www.comptia.org or www.google.com. IP addresses are numerical identifiers that locate websites or devices on the internet, such as 104.18.26.46 or 142.250.72.238. IDNS helps users to access websites or devices using domain names instead of IP addresses, which are easier to remember and type. IDNS also helps administrators to manage websites or devices using domain names instead of IP addresses, which are more flexible and scalable. The other options are either different computer services or not related to IP network addresses or text-based names at all. For example, LDAP, or Lightweight Directory Access Protocol, is a service that provides access to directory information such as users, groups, or devices on a network; NTP, or Network Time Protocol, is a service that synchronizes the clocks of computers or devices on a network; DHCP, or Dynamic Host Configuration Protocol, is a service that assigns IP addresses and other network configuration parameters to computers or devices on a network. References:  CompTIA DataSys+ Course Outline, Domain 2.0 Database Deployment, Objective 2.1 Given a scenario, select an appropriate database deployment method.

The correct answer is A. DDL statement. CompTIA DataSys+ clearly classifies the TRUNCATE statement as a Data Definition Language (DDL) operation because it affects the structure and allocation of database objects rather than manipulating individual rows in a transactional manner.

TRUNCATE is used to quickly remove all rows from a table while preserving the table structure itself. Unlike DELETE, which is a Data Manipulation Language (DML) statement that removes rows one by one and can be rolled back in many database systems, TRUNCATE operates by deallocating data pages. This makes it significantly faster and more efficient for clearing large tables, but also more destructive in nature. DataSys+ emphasizes that DDL operations are typically auto-committed, meaning they cannot be rolled back once executed in most implementations.

Option D, DML, is incorrect because DML statements (such as SELECT, INSERT, UPDATE, and DELETE) work at the row level and are designed for routine data manipulation within existing structures. TRUNCATE does not qualify because it bypasses row-level logging and transactional controls. Option B, DCL (Data Control Language), is used for permission and access management (e.g., GRANT, REVOKE) and has no role in data removal. Option C, MCL, is not a recognized SQL command category and is therefore invalid.

CompTIA DataSys+ materials stress the importance of understanding SQL command categories, particularly the risks associated with DDL statements. Because TRUNCATE is fast, non-transactional, and irreversible in most cases, it should be used cautiously and typically only by administrators. Its classification as DDL is essential knowledge for exam objectives related to database operations, data safety, and change management.

Therefore, the correct and verified classification of TRUNCATE is DDL, making option A the correct answer.

The correct answer is A. High temperatures activated the fire suppression system. According to CompTIA DataSys+ objectives, physical infrastructure protections are a critical component of database and data center reliability. CO₂ fire suppression systems are specifically designed to respond to fire-related conditions, not recovery metrics or cooling system logic. These systems are typically triggered by smoke detectors, heat sensors, or rapid temperature increases that indicate a fire or imminent fire risk following an event such as a power failure.

When a power outage occurs, backup systems such as generators and uninterruptible power supplies may activate. If these systems malfunction or generate excessive heat, temperature thresholds can be exceeded within minutes. DataSys+ materials emphasize that automated environmental controls are designed to protect equipment and data by suppressing fires quickly, often before flames are visible. CO₂ systems work by displacing oxygen, thereby extinguishing fire without damaging sensitive electronic equipment with water or chemical residue.

Options B and D are incorrect because RPO (Recovery Point Objective) and RTO (Recovery Time Objective) are disaster recovery planning metrics. RPO defines acceptable data loss measured in time, while RTO defines acceptable downtime. Neither setting directly triggers physical fire suppression systems. They are planning and policy metrics, not automated environmental controls.

Option C is also incorrect because cooling systems do not activate CO₂ fire suppression. Cooling failures may indirectly contribute to rising temperatures, but the CO₂ system itself is triggered by fire detection mechanisms, not by cooling system logic.

CompTIA DataSys+ clearly distinguishes between environmental controls (fire suppression, HVAC, power) and disaster recovery metrics (RPO, RTO). Therefore, option A best aligns with documented data center operational behavior and exam objectives.