Which of the following types of RAID, if configured with the same number and type of disks, would provide the best write performance?
RAID 3
RAID 5
RAID 6
RAID 10
The type of RAID that would provide the best write performance if configured with the same number and type of disks is RAID 10. RAID 10, or RAID 1+0, is a type of RAID that combines mirroring and striping techniques to provide both redundancy and performance. Mirroring means that data is duplicated across two or more disks to provide fault tolerance and data protection. Striping means that data is split into blocks and distributed across two or more disks to provide faster access and throughput. RAID 10 requires at least four disks and can tolerate the failure of up to half of the disks without losing data. RAID 10 provides the best write performance among the RAID types because it can write data in parallel to multiple disks without parity calculations or overhead. The other options are either different types of RAID or not related to RAID at all. For example, RAID 3 is a type of RAID that uses striping with a dedicated parity disk to provide redundancy and performance; RAID 5 is a type of RAID that uses striping with distributed parity to provide redundancy and performance; RAID 6 is a type of RAID that uses striping with double distributed parity to provide extra redundancy and performance. References: CompTIA DataSys+ Course Outline, Domain 3.0 Database Management and Maintenance, Objective 3.1 Given a scenario, perform common database maintenance tasks.
(Evidence from logs shows multiple ongoing attempts to connect with a default account that was disabled. Which of the following best describes this type of attack?)
Malware
Brute-force
On-path
SQL injection
The correct answer is B. Brute-force. CompTIA DataSys+ identifies brute-force attacks as a common authentication-based threat in database and system environments. A brute-force attack involves repeatedly attempting to authenticate to an account by systematically trying different credentials or repeatedly targeting known or default accounts in hopes that one attempt will succeed. The presence of multiple ongoing connection attempts in logs is a key indicator of this attack type.
In this scenario, the attacker is attempting to connect using a default account, even though it has been disabled. Default accounts are well-known targets because attackers are often aware of their usernames and may assume weak or unchanged credentials. DataSys+ emphasizes that attackers frequently attempt brute-force or password-spraying attacks against default or administrative accounts, especially when exposed services are accessible over the network. Even if the account is disabled, repeated attempts still generate log entries and clearly signal brute-force behavior.
Option A, malware, typically involves malicious software executing on a system and does not primarily manifest as repeated login attempts in authentication logs. Option C, on-path (man-in-the-middle) attacks, involve intercepting or altering network traffic between two parties and would not appear as repeated failed authentication attempts from a single source. Option D, SQL injection, targets application input fields and database queries, not authentication mechanisms tied to account logins.
CompTIA DataSys+ stresses the importance of monitoring logs for failed authentication attempts as part of intrusion detection and security auditing. It also highlights defensive controls such as account lockout policies, disabling default accounts, strong authentication mechanisms, and intrusion detection systems to mitigate brute-force attacks.
Because the defining characteristic in the scenario is repeated connection attempts against an account, the activity is best classified as a brute-force attack, making option B the correct and fully verified answer.
Which of the following would a database administrator monitor to gauge server health? (Choose two.)
CPU usage
Memory usage
Transaction logs
Network sniffer
Domain controllers
Firewall traffic
The two factors that the database administrator should monitor to gauge server health are CPU usage and memory usage. CPU usage is the percentage of time that the processor (CPU) of the server is busy executing instructions or processes. CPU usage indicates how much workload the server can handle and how fast it can process requests. High CPU usage may affect the performance or availability of the server and cause delays or errors. Memory usage is the amount of physical memory (RAM) or virtual memory (swap space) that the server uses to store data or run applications. Memory usage indicates how much space the server has to store temporary or intermediate data or results. High memory usage may affect the performance or availability of the server and cause swapping or paging. The other options are either not relevant or not direct indicators of server health. For example, transaction logs are files that record the changes made by transactions on the database; network sniffer is a tool that captures and analyzes network traffic; domain controllers are servers that manage user authentication and authorization in a network; firewall traffic is the amount of data that passes through a firewall device or software. References: CompTIA DataSys+ Course Outline, Domain 3.0 Database Management and Maintenance, Objective 3.2 Given a scenario, monitor database performance.
A database administrator is conducting a stress test and providing feedback to a team that is developing an application that uses the Entity Framework. Which of the following explains the approach the administrator should use when conducting the stress test?
Capture business logic, check the performance of codes, and report findings.
Check the clustered and non-clustered indexes, and report findings.
Review application tables and columns, and report findings.
Write queries directly into the database and report findings.
The approach that the administrator should use when conducting the stress test is to capture business logic, check the performance of codes, and report findings. This will help the administrator to evaluate how well the application handles high volumes of data and transactions, identify any bottlenecks or errors in the code, and provide feedback to the development team on how to improve the application’s efficiency and reliability. The other options are either too narrow or too broad in scope, and do not address the specific needs of an application that uses the Entity Framework. References: CompTIA DataSys+ Course Outline, Domain 4.0 Data and Database Security, Objective 4.3 Given a scenario, monitor database performance and security.
(A company’s database was hacked. A security officer conducted an audit and discovered that an attacker used a rainbow table to break into one of the user accounts to access the database. Which of the following is the best immediate response to this attack?)
Security and awareness training
Implementation of security policies and procedures
Strong passwords
Password hash salting
The correct answer is D. Password hash salting. According to CompTIA DataSys+ objectives, rainbow table attacks specifically target hashed passwords by using precomputed hash values to quickly reverse weak or unsalted hashes back into their original plaintext passwords. If an attacker successfully used a rainbow table, it strongly indicates that the database stored password hashes without proper salting or used weak hashing algorithms.
Password salting is a defensive technique where a unique random value (the salt) is added to each password before hashing. This ensures that even if two users have the same password, their resulting hashes are different. More importantly, salting renders rainbow tables ineffective because the attacker would need to generate a separate rainbow table for every possible salt value, which is computationally impractical. DataSys+ highlights salting as a critical immediate control to protect stored credentials once a password compromise is identified.
Option C, strong passwords, is a preventative control but not the best immediate response. Even strong passwords can be compromised if hashes are unsalted and exposed. Option A, security and awareness training, addresses user behavior but does not mitigate the technical weakness exploited in this attack. Option B, implementing security policies and procedures, is important for long-term governance but does not directly stop rainbow table attacks against existing password hashes.
CompTIA DataSys+ emphasizes that when credential storage mechanisms are compromised, administrators must prioritize cryptographic protections at the database level. This includes salting, using strong hashing algorithms, and forcing credential resets. Among the options provided, password hash salting is the most direct and effective response to prevent the same attack vector from succeeding again.
Therefore, the best immediate response is D. Password hash salting, making it the verified and correct answer aligned with CompTIA DataSys+ guidance.
Which of the following have data manipulation and procedural scripting power? (Choose two.)
PQL
PL/SQL
Advanced
SQL
SQL
T-SQL
The two options that have data manipulation and procedural scripting power are PL/SQL and T-SQL. PL/SQL, or Procedural Language/Structured Query Language, is an extension of SQL that adds procedural features to SQL for Oracle databases. PL/SQL allows users to create and execute stored procedures, functions, triggers, packages, etc., using variables, loops, conditions, exceptions, etc., in addition to SQL commands. PL/SQL helps improve the performance, functionality, modularity, and security of SQL queries and applications. T-SQL, or Transact-SQL, is an extension of SQL that adds procedural features to SQL for Microsoft SQL Server databases. T-SQL allows users to create and execute stored procedures, functions, triggers, etc., using variables, loops, conditions, exceptions, etc., in addition to SQL commands. T-SQL helps improve the performance, functionality, modularity, and security of SQL queries and applications. The other options are either not related or not having both data manipulation and procedural scripting power. For example, PQL, or Power Query Language, is a data analysis and transformation language for Microsoft Power BI and Excel; Advanced SQL is a term that refers to the advanced features or techniques of SQL, such as subqueries, joins, aggregations, etc.; SQL, or Structured Query Language, is a standard language for manipulating and querying data in relational databases, but it does not have procedural features. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.2 Given a scenario, execute database tasks using scripting and programming languages.
(Analysts are writing complex queries across live tables for a database administrator. Which of the following is the best solution for the analysts to implement in order to improve user performance?)
Creating views to support repeat queries
Removing data redundancy
Modifying the data in the table
Deleting records from the table
The correct answer is A. Creating views to support repeat queries. CompTIA DataSys+ emphasizes that views are an effective way to improve performance, usability, and consistency when users frequently run complex queries against live production tables. A view is a virtual table based on a predefined SQL query that presents data in a simplified and reusable format without physically storing the data.
When analysts run complex queries directly against live tables, it can increase CPU usage, I/O operations, and locking contention, potentially impacting other users and critical workloads. By creating views, the database administrator can encapsulate complex joins, filters, and aggregations into a single logical object. Analysts can then query the view instead of repeatedly executing expensive SQL statements. This reduces query complexity, improves readability, and can lead to more predictable performance. DataSys+ highlights views as a best practice for supporting reporting and analytical workloads while minimizing disruption to transactional systems.
Option B, removing data redundancy, is related to normalization and data integrity, not query performance optimization for analysts. Option C, modifying the data in the table, risks data integrity issues and does not address performance concerns. Option D, deleting records from the table, may reduce table size but is not an appropriate or safe method for improving user query performance and can result in data loss.
CompTIA DataSys+ also notes that views can enhance security by limiting analysts’ access to only the required columns or rows, further protecting live data. In some implementations, indexed or materialized views can offer additional performance benefits for repeated queries.
Therefore, the best solution to improve analyst performance when running complex, repeat queries on live tables is creating views to support repeat queries, making option A the correct and fully verified answer.
Which of the following is the deployment phase in which a DBA ensures the most recent patches are applied to the new database?
Importing
Upgrading
Provisioning
Modifying
The deployment phase in which a DBA ensures the most recent patches are applied to the new database is upgrading. Upgrading is a process that updates an existing database system or software to a newer version or release that may include new features, enhancements, bug fixes, security patches, etc. Upgrading helps improve the performance, functionality, compatibility, and security of the database system or software. Upgrading can be done manually or automatically using tools or scripts provided by the vendor or developer. Upgrading can also involve testing, backup, migration, or rollback procedures to ensure the quality and reliability of the new version or release. The other options are either different deployment phases or not related to deployment at all. For example, importing is a process that transfers data from one source to another using files or formats; provisioning is a process that allocates resources such as servers, storage, network, etc., for a system or software; modifying is a process that changes existing data or objects in a database using commands or scripts. References: CompTIA DataSys+ Course Outline, Domain 2.0 Database Deployment, Objective 2.3 Given a scenario, update database systems.
Which of the following is a reason to create a stored procedure?
To minimize storage space
To improve performance
To bypass case sensitivity requirements
To give control of the query logic to the user
A reason to create a stored procedure is to improve performance. A stored procedure is a set of SQL statements or commands that are stored and compiled in the database server, and can be executed by name or by a trigger. A stored procedure can improve performance by reducing the network traffic between the client and the server, as only the name or the parameters of the stored procedure need to be sent, rather than the entire SQL code. A stored procedure can also improve performance by reusing the same execution plan, as the stored procedure is compiled only once and cached in the server memory. The other options are either not true or not relevant for this purpose. For example, a stored procedure does not necessarily minimize storage space, as it still occupies space in the database server; a stored procedure does not bypass case sensitivity requirements, as it still follows the rules of the database system; a stored procedure does not give control of the query logic to the user, as it is defined and maintained by the database administrator or developer. References: CompTIA DataSys+ Course Outline, Domain 2.0 Database Deployment, Objective 2.2 Given a scenario, create database objects using scripting and programming languages.
(Which of the following indexes stores records in a tabular format?)
Columnstore
Non-clustered
Unique
Secondary
The correct answer is A. Columnstore. According to CompTIA DataSys+, a columnstore index stores data in a column-oriented, tabular structure, where each column of a table is stored separately rather than storing entire rows together. This design is particularly optimized for analytical and reporting workloads, which commonly scan large datasets and perform aggregations on specific columns.
In a columnstore index, data is logically still represented in a table-like (tabular) format, but physically organized by columns instead of rows. This allows the database engine to read only the required columns for a query, significantly reducing disk I/O and improving query performance. DataSys+ highlights columnstore indexes as a best practice for data warehousing, business intelligence, and read-heavy analytical queries.
Option B, a non-clustered index, stores a separate index structure that contains indexed column values and pointers to the underlying table rows. While it improves lookup performance, it does not store data in a tabular columnar format. Option C, a unique index, is a constraint-based index that enforces uniqueness on column values but does not define how data is physically stored. Option D, a secondary index, is a general term for indexes that are not primary and does not specifically describe column-based tabular storage.
Sys+ emphasizes understanding different index types and their appropriate use cases. Columnstore indexes are distinct because they physically reorganize data by columns, compress data efficiently, and support high-performance analytics. This makes them especially effective in scenarios involving large datasets and complex queries.
Therefore, the index type that stores records in a tabular, column-oriented format is the columnstore index, making option A the correct and fully verified answer aligned with CompTIA DataSys+ objectives.
A developer is designing a table that does not have repeated values. Which of the following indexes should the developer use to prevent duplicate values from being inserted?
Unique
Single column
Implicit
Composite
The index that the developer should use to prevent duplicate values from being inserted is unique. A unique index is a type of index that enforces the uniqueness of the values in one or more columns of a table. A unique index ensures that no two rows in the table have the same value or combination of values in the indexed columns. A unique index helps to maintain data integrity and avoid data duplication or inconsistency. The other options are either not related or not effective for this purpose. For example, a single column index is a type of index that involves only one column of a table, but it does not prevent duplicate values unless it is also unique; an implicit index is a type of index that is automatically created by the database system when a constraint or a primary key is defined on a column or columns of a table, but it does not prevent duplicate values unless it is also unique; a composite index is a type of index that involves two or more columns of a table, but it does not prevent duplicate values unless it is also unique. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.2 Given a scenario, execute database tasks using scripting and programming languages.
Which of the following sets the age requirement for data that should be recovered after a major disaster?
MTBF
RTO
MTTF
RPO
The option that sets the age requirement for data that should be recovered after a major disaster is RPO. RPO, or Recovery Point Objective, is a metric that defines the maximum amount of data that can be lost or acceptable data loss in the event of a disaster or disruption. RPO indicates how frequently the data should be backed up or replicated to minimize the risk of data loss. RPO also sets the age requirement for data that should be recovered after a major disaster, as it determines how far back in time the recovery process should go. For example, if the RPO is one hour, then the data should be backed up or replicated every hour, and the recovery process should restore the data to the state it was in one hour before the disaster. The other options are either different metrics or not related to data recovery at all. For example, MTBF, or Mean Time Between Failures, is a metric that measures the average time that a system or component operates without failure; RTO, or Recovery Time Objective, is a metric that defines the maximum amount of time that can be taken to restore a system or service after a disaster or disruption; MTTF, or Mean Time To Failure, is a metric that measures the average time that a system or component operates until it fails. References: CompTIA DataSys+ Course Outline, Domain 5.0 Business Continuity, Objective 5.3 Given a scenario, implement backup and restoration of data.
Over the weekend, a company’s transaction database was moved to an upgraded server. All validations performed after the migration indicated that the database was functioning as expected. However, on Monday morning, multiple users reported that the corporate reporting application was not working.
Which of the following are the most likely causes? (Choose two.)
The access permissions for the service account used by the reporting application were not changed.
The new database server has its own reporting system, so the old one is not needed.
The reporting jobs that could not process during the database migration have locked the application.
The reporting application's mapping to the database location was not updated.
The database server is not permitted to fulfill requests from a reporting application.
The reporting application cannot keep up with the new, faster response from the database.
The most likely causes of the reporting application not working are that the access permissions for the service account used by the reporting application were not changed, and that the reporting application’s mapping to the database location was not updated. These two factors could prevent the reporting application from accessing the new database server. The other options are either irrelevant or unlikely to cause the problem. References: CompTIA DataSys+ Course Outline, Domain 3.0 Database Management and Maintenance, Objective 3.2 Given a scenario, troubleshoot common database issues.
(A healthcare company relies on contact forms and surveys on its website to properly communicate with patients. To which of the following attacks is the company’s data most vulnerable?)
DoS
Ransomware
SQL injection
Brute-force
The correct answer is C. SQL injection. According to CompTIA DataSys+ objectives, web-based input mechanisms such as contact forms and online surveys represent a significant attack surface for databases if they are not properly secured. These forms commonly accept user-supplied input that is later processed by backend database queries. If input validation and parameterized queries are not correctly implemented, attackers can exploit this by injecting malicious SQL code into form fields.
SQL injection attacks allow an attacker to manipulate database queries executed by the application. This can result in unauthorized access to sensitive data, data modification, data deletion, or even full database compromise. In a healthcare environment, this risk is especially critical because patient data is highly sensitive and often protected by regulatory requirements. DataSys+ highlights SQL injection as one of the most common and dangerous database-focused attacks due to its direct impact on data confidentiality, integrity, and availability.
Option A, Denial of Service (DoS), primarily affects system availability by overwhelming resources, but it does not directly target data stored within the database. Option B, ransomware, typically requires malware execution on servers or endpoints and is not specifically tied to web form input mechanisms. Option D, brute-force attacks, focus on repeatedly guessing authentication credentials and are more closely associated with login systems rather than data entry forms or surveys.
CompTIA DataSys+ materials emphasize that databases connected to web applications must use strong input validation, stored procedures, prepared statements, and least-privilege database accounts to mitigate SQL injection risks. Because contact forms and surveys directly interact with database queries and rely on untrusted user input, SQL injection represents the most direct and realistic threat in this scenario.
Therefore, SQL injection is the attack type to which the company’s data is most vulnerable, making option C the verified and correct answer.
A database administrator is new to a company and wants to create a document that illustrates the interaction between tables. Which of the following should the administrator create?
Troubleshooting guide
Entity relationship diagram
Data dictionary
Database reference manual
The document that the administrator should create to illustrate the interaction between tables is an entity relationship diagram. An entity relationship diagram (ERD) is a graphical representation of the entities (tables), attributes (columns), and relationships (constraints) in a database. An ERD helps the administrator to visualize the structure and design of the database, as well as the dependencies and associations among the tables. The other options are either different types of documents or not related to the interaction between tables. For example, a troubleshooting guide is a document that provides instructions on how to solve common problems or errors in a database; a data dictionary is a document that describes the metadata (information about data) of a database; a database reference manual is a document that provides information on how to use or operate a database. References: CompTIA DataSys+ Course Outline, Domain 2.0 Database Deployment, Objective 2.2 Given a scenario, create database objects using scripting and programming languages.
A server administrator wants to analyze a database server's disk throughput. Which of the following should the administrator measure?
RPfvl
Latency
IOPS
Reads
The factor that the administrator should measure to analyze a database server’s disk throughput is IOPS. IOPS, or Input/Output Operations Per Second, is a metric that measures the number of read and write operations that a disk can perform in one second. IOPS indicates the performance or speed of a disk and how well it can handle multiple requests or transactions. Higher IOPS means higher disk throughput and lower latency. IOPS can be affected by various factors, such as disk type, size, speed, cache, RAID level, etc. The other options are either not related or not sufficient for this purpose. For example, RPfvl is not a valid acronym or metric; latency is the time delay between a request and a response; reads are the number of read operations performed by a disk. References: CompTIA DataSys+ Course Outline, Domain 3.0 Database Management and Maintenance, Objective 3.2 Given a scenario, monitor database performance.
Which of the following services is responsible for assigning, managing, and reclaiming IP addresses on a TCP/IP-based network?
DNS
DHCP
LDAP
ISMTP
The service that is responsible for assigning, managing, and reclaiming IP addresses on a TCP/IP-based network is DHCP. DHCP, or Dynamic Host Configuration Protocol, is a service that automatically assigns IP addresses and other network configuration parameters, such as subnet mask, default gateway, DNS server, etc., to computers or devices on a network. DHCP helps simplify the administration and management of IP addresses on a network, as well as avoid conflicts or errors caused by manual or duplicate assignments. DHCP also allows computers or devices to release or renew their IP addresses when they join or leave the network. The other options are either different services or not related to IP addresses at all. For example, DNS, or Domain Name System, is a service that translates domain names into IP addresses and vice versa; LDAP, or Lightweight Directory Access Protocol, is a service that provides access to directory information such as users, groups, or devices on a network; ISMTP is not a valid acronym or service. References: CompTIA DataSys+ Course Outline, Domain 2.0 Database Deployment, Objective 2.1 Given a scenario, select an appropriate database deployment method.
(Which of the following normal forms (NFs) is considered the most preferable for relational database design?)
1NF
2NF
3NF
4NF
The correct answer is C. 3NF (Third Normal Form). According to CompTIA DataSys+, Third Normal Form is widely regarded as the most preferable and practical level of normalization for relational database design in real-world environments. It strikes an optimal balance between reducing data redundancy, maintaining data integrity, and preserving query performance.
To understand why 3NF is preferred, it is important to consider the progression of normalization. First Normal Form (1NF) ensures that tables contain atomic values and no repeating groups. Second Normal Form (2NF) builds on this by eliminating partial dependencies, ensuring that non-key attributes depend on the entire primary key. While these forms improve structure, they do not fully address all redundancy issues.
Third Normal Form (3NF) goes further by removing transitive dependencies, meaning that non-key attributes depend only on the primary key and not on other non-key attributes. This significantly reduces duplication of data and prevents common anomalies during INSERT, UPDATE, and DELETE operations. CompTIA DataSys+ emphasizes that eliminating transitive dependencies is critical for maintaining long-term data consistency and integrity.
Although Fourth Normal Form (4NF) and higher normal forms exist, DataSys+ notes that they are typically applied only in specialized cases involving complex multi-valued dependencies. Over-normalization beyond 3NF can increase schema complexity, require excessive joins, and negatively impact performance without providing proportional benefits in most transactional systems.
As a result, 3NF is considered the industry-standard target for relational database design. It provides a clean, maintainable schema that supports scalability, reduces redundancy, and aligns well with performance expectations. CompTIA DataSys+ highlights 3NF as the most commonly implemented and recommended normalization level for operational databases.
Therefore, the most preferable normal form for relational database design is 3NF, making option C the correct and fully verified answer.
Which of the following is the correct order of the steps in the database deployment process?
A)
1. Connect
2. Install
3. Configure
4. Confirm prerequisites
5. Validate
6. Test
7. Release
B)
1. Configure
2. Install
3. Connect
4. Test
5. Confirm prerequisites
6. Validate
7. Release
C)
1. Confirm prerequisites
2. Install
3. Configure
4. Connect
5. Test
6. Validate
7. Release
D)
1. Install
2. Configure
3. Confirm prerequisites
4. Connect
5. Test
6. Validate
7. Release
Option A
Option B
Option C
Option D
The correct order of the steps in the database deployment process is option C. This order follows the best practices for deploying a database system, which are:
Confirm prerequisites: Check the system requirements and compatibility of the database software and tools before installation.
Install: Install the database software and tools on the target server or platform.
Configure: Configure the database settings and parameters according to the specifications and needs of the application or organization.
Connect: Connect the database to the network and other systems or applications that will access it.
Test: Test the functionality and performance of the database system and verify that it meets the expectations and requirements.
Validate: Validate the data quality and integrity of the database system and ensure that it complies with the standards and regulations.
Release: Release the database system to production and make it available for use by end-users or customers. The other options do not follow this order and may result in errors, inefficiencies, or security issues. References: CompTIA DataSys+ Course Outline, Domain 2.0 Database Deployment, Objective 2.1 Given a scenario, install and configure database software and tools.
A database administrator would like to create a table named XYZ. Which of the following queries should the database administrator use to create the table?
A)

B)

C)

D)

Option A
Option B
Option C
Option D
The query that the administrator should use to create the table is option B. This query uses the CREATE TABLE statement to define a new table named XYZ with three columns: ID, Name, and Age. Each column has a data type and a constraint, such as NOT NULL, PRIMARY KEY, or CHECK. The other options either have syntax errors, use incorrect keywords, or do not specify the table name or columns correctly. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.1 Given a scenario, identify and apply database structure types.
(Which of the following statements is TRUNCATE an example of?)
DDL statement
DCL statement
MCL statement
DML statement
The correct answer is A. DDL statement. CompTIA DataSys+ clearly classifies the TRUNCATE statement as a Data Definition Language (DDL) operation because it affects the structure and allocation of database objects rather than manipulating individual rows in a transactional manner.
TRUNCATE is used to quickly remove all rows from a table while preserving the table structure itself. Unlike DELETE, which is a Data Manipulation Language (DML) statement that removes rows one by one and can be rolled back in many database systems, TRUNCATE operates by deallocating data pages. This makes it significantly faster and more efficient for clearing large tables, but also more destructive in nature. DataSys+ emphasizes that DDL operations are typically auto-committed, meaning they cannot be rolled back once executed in most implementations.
Option D, DML, is incorrect because DML statements (such as SELECT, INSERT, UPDATE, and DELETE) work at the row level and are designed for routine data manipulation within existing structures. TRUNCATE does not qualify because it bypasses row-level logging and transactional controls. Option B, DCL (Data Control Language), is used for permission and access management (e.g., GRANT, REVOKE) and has no role in data removal. Option C, MCL, is not a recognized SQL command category and is therefore invalid.
CompTIA DataSys+ materials stress the importance of understanding SQL command categories, particularly the risks associated with DDL statements. Because TRUNCATE is fast, non-transactional, and irreversible in most cases, it should be used cautiously and typically only by administrators. Its classification as DDL is essential knowledge for exam objectives related to database operations, data safety, and change management.
Therefore, the correct and verified classification of TRUNCATE is DDL, making option A the correct answer.
Which of the following can be used to protect physical database appliances from damage in a server room? (Choose two.)
Biometric access systems
Database control systems
Fire suppression systems
Camera systems
Key card systems
Cooling systems
The two options that can be used to protect physical database appliances from damage in a server room are fire suppression systems and cooling systems. Fire suppression systems are systems that detect and extinguish fires in a server room using water, gas, foam, or other agents. Fire suppression systems help prevent damage to physical database appliances caused by fire hazards such as overheating, electrical faults, or flammable materials. Cooling systems are systems that regulate the temperature and humidity in a server room using fans, air conditioners, chillers, or other devices. Cooling systems help prevent damage to physical database appliances caused by excessive heat or moisture that may affect their performance or lifespan. The other options are either not related or not effective for this purpose. For example, biometric access systems, camera systems, and key card systems are systems that control the access to a server room using fingerprints, facial recognition, video surveillance, or magnetic cards; these systems help prevent unauthorized entry or theft of physical database appliances, but not damage caused by environmental factors; database control systems are systems that manage the functionality and security of databases using software tools or commands; these systems help protect logical database appliances from errors or attacks, but not physical damage caused by environmental factors. References: CompTIA DataSys+ Course Outline, Domain 5.0 Business Continuity, Objective 5.4 Given a scenario, implement disaster recovery methods.
(Which of the following describes the method in which data is encrypted first with an encryption key and then wrapped by a managed root key?)
Asymmetric encryption
DEK-based encryption
Symmetric encryption
Envelope encryption
The correct answer is D. Envelope encryption. CompTIA DataSys+ describes envelope encryption as a key management and data protection method that combines the efficiency of symmetric encryption with the security and manageability of hierarchical key structures. In this approach, data is first encrypted using a data encryption key (DEK), and then the DEK itself is encrypted (or “wrapped”) using a key encryption key (KEK), often referred to as a managed root key.
Envelope encryption is widely used in enterprise database systems and cloud platforms because it provides strong security while simplifying key rotation and management. Encrypting large volumes of data directly with a root or master key would be inefficient and risky. Instead, DataSys+ explains that symmetric DEKs are used for fast data encryption, while the root key is used only to protect the DEKs. If a root key must be rotated or compromised, only the wrapped DEKs need to be re-encrypted—not the underlying data.
Option A, asymmetric encryption, uses public and private key pairs but is computationally expensive and not typically used to encrypt large datasets directly. Option B, DEK-based encryption, is incomplete because it describes only the use of data encryption keys and does not account for the additional wrapping layer that defines envelope encryption. Option C, symmetric encryption, correctly describes how data is encrypted but does not include the managed key hierarchy required by the question.
CompTIA DataSys+ emphasizes envelope encryption as a best practice for data-at-rest protection, particularly in environments that require compliance, auditing, and centralized key management. It is commonly implemented using hardware security modules (HSMs) or cloud key management services.
Therefore, the method where data is encrypted with a DEK and then wrapped with a managed root key is envelope encryption, making option D the correct and fully verified answer.
(Which of the following best describes the function of a wildcard in the WHERE clause?)
An exact match is not possible in a CREATE statement.
An exact match is necessary in a SELECT statement.
An exact match is not possible in a SELECT statement.
An exact match is necessary in a CREATE statement.
The correct answer is C. An exact match is not possible in a SELECT statement. CompTIA DataSys+ documentation explains that wildcards are used in SQL primarily within the WHERE clause of a SELECT statement to enable pattern matching rather than exact value matching. Wildcards such as % and _ are commonly used with the LIKE operator to search for partial strings or variable patterns in character-based data.
In practical database usage, wildcards allow analysts and administrators to retrieve records when the full or exact value is unknown or unnecessary. For example, searching for all patient records with last names starting with “Mac%” or all email addresses ending in “@example.com” requires pattern-based matching. In these cases, an exact match is explicitly not required, which is the core purpose of wildcards in SQL queries.
Option A and D incorrectly reference the CREATE statement. Wildcards are not relevant to CREATE statements, which are used for defining database objects such as tables, indexes, or views. These statements require explicit definitions and do not support wildcard-based matching logic. Option B is also incorrect because a SELECT statement does not always require an exact match; this is precisely why wildcards exist and are heavily used in querying operations.
CompTIA DataSys+ emphasizes that understanding query flexibility is essential for data retrieval and reporting. Wildcards enhance query usability and efficiency by allowing broader result sets without complex logic or multiple conditions. They are particularly valuable in analytical, reporting, and troubleshooting scenarios where partial data exploration is required.
Therefore, the best description of the function of a wildcard in the WHERE clause is that it allows queries where an exact match is not required, making option C the correct and fully aligned answer according to CompTIA DataSys+ principles.
(Before installing a new database instance for an organization, a DBA needs to verify the amount of space, the hardware, and the network resources. Which of the following best describes this process?)
Performing patch management
Upgrading the database instance
Checking for database prerequisites
Provisioning the configuration
The correct answer is C. Checking for database prerequisites. According to CompTIA DataSys+ objectives, verifying prerequisites is a critical preparatory step before installing a new database instance. Database prerequisites refer to the minimum and recommended requirements that must be met to ensure a successful installation and stable operation of the database system.
This process typically includes validating disk space availability, CPU capacity, memory (RAM), and network resources, as well as confirming operating system compatibility, required libraries, kernel parameters, and supporting services. DataSys+ emphasizes that failure to meet prerequisites can lead to installation errors, poor performance, instability, or security vulnerabilities after deployment. Therefore, DBAs are expected to thoroughly assess the environment before proceeding with installation.
Option A, performing patch management, refers to applying updates and fixes to existing systems to address bugs or security issues. This occurs after software is installed and operational, not before a new database instance is deployed. Option B, upgrading the database instance, involves moving from one version of a database to another and assumes an existing installation is already in place. Option D, provisioning the configuration, focuses on allocating and configuring resources (such as creating instances, users, or storage structures) after prerequisites have been validated.
CompTIA DataSys+ clearly separates environment validation from deployment and configuration activities. Checking prerequisites is a risk-reduction step that ensures the infrastructure can support the database workload and performance expectations from the start. It also supports capacity planning, compliance, and long-term maintainability.
Therefore, the process of verifying space, hardware, and network resources before installing a database instance is best described as checking for database prerequisites, making option C the correct and fully verified answer.
Which of the following are the best resources for monitoring potential server issues? (Choose two.)
User connections
Firewall usage
Index usage
CPU usage
Query execution
Memory usage
The two resources that are best for monitoring potential server issues are CPU usage and memory usage. CPU usage is the percentage of time that the processor (CPU) of the server is busy executing instructions or processes. CPU usage indicates how much workload the server can handle and how fast it can process requests. High CPU usage may affect the performance or availability of the server and cause delays or errors. Memory usage is the amount of physical memory (RAM) or virtual memory (swap space) that the server uses to store data or run applications. Memory usage indicates how much space the server has to store temporary or intermediate data or results. High memory usage may affect the performance or availability of the server and cause swapping or paging. The other options are either not relevant or not direct indicators of server health. For example, user connections are the number of users who are connected to a database server at any given time; firewall usage is the amount of data that passes through a firewall device or software; index usage is the frequency or efficiency of using indexes on tables to speed up queries; query execution is the process of running SQL statements on a database server. References: CompTIA DataSys+ Course Outline, Domain 3.0 Database Management and Maintenance, Objective 3.2 Given a scenario, monitor database performance.
(Which of the following is used to store product quantities in a table while ensuring the minimal amount of storage is consumed?)
DOUBLE
INTEGER
COUNT
FLOAT
The correct answer is B. INTEGER. According to CompTIA DataSys+ objectives, choosing the appropriate data type is a fundamental database design decision that directly affects storage efficiency, performance, and data integrity. Product quantities represent whole numbers, such as the count of items in inventory, units sold, or stock remaining. Because these values do not require decimal precision, an integer-based data type is the most appropriate and storage-efficient choice.
An INTEGER data type is specifically designed to store whole numbers and consumes significantly less storage than floating-point or double-precision data types. DataSys+ emphasizes that database administrators should always select the smallest data type that accurately represents the data, as this reduces disk usage, improves cache efficiency, and enhances query performance—especially in large tables with millions of rows.
Option A, DOUBLE, and option D, FLOAT, are floating-point data types intended for values that require decimal precision, such as scientific measurements or financial calculations involving fractions. These data types consume more storage and can introduce rounding errors, making them unsuitable for storing simple quantity counts. Using floating-point types for inventory quantities would be inefficient and unnecessary.
Option C, COUNT, is not a data type at all. COUNT is an aggregate SQL function used in queries to calculate the number of rows or non-null values in a result set. It cannot be used to define a column in a table schema.
CompTIA DataSys+ highlights that efficient schema design includes proper data typing to minimize resource consumption while maintaining accuracy. By using INTEGER for product quantities, administrators ensure optimal storage utilization, faster indexing, and predictable arithmetic operations.
Therefore, to store product quantities accurately while consuming the minimal amount of storage, INTEGER is the best and most appropriate choice, making option B the correct and fully verified answer.
Which of the following statements contains an error?
Select EmpId from employee where EmpId=90030
Select EmpId where EmpId=90030 and DeptId=34
Select* from employee where EmpId=90030
Select EmpId from employee
The statement that contains an error is option B. This statement is missing the FROM clause, which specifies the table or tables from which to retrieve data. The FROM clause is a mandatory clause in a SELECT statement, unless the statement uses a subquery or a set operator. The correct syntax for option B would be:
SELECT EmpId FROM employee WHERE EmpId=90030 AND DeptId=34
Copy
The other options are either correct or valid SQL statements. For example, option A selects the employee ID from the employee table where the employee ID is equal to 90030; option C selects all columns from the employee table where the employee ID is equal to 90030; option D selects the employee ID from the employee table without any filter condition. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.2 Given a scenario, execute database tasks using scripting and programming languages.
Which of the following database structures is a type of NoSQL database?
Hierarchical
Key-value stores
Cloud
Object-oriented
The database structure that is a type of NoSQL database is key-value stores. Key-value stores are databases that store and manage data as pairs of keys and values. Keys are unique identifiers that locate data in the database; values are arbitrary data that can be any type or format. Key-value stores do not use any schema or structure to organize data, but rather use hash tables or indexes to enable fast and simple access to data based on keys. Key-value stores are suitable for storing large amounts of simple or unstructured data that do not require complex queries or relationships. The other options are either different types of databases or not related to database structures at all. For example, hierarchical databases are databases that store and manage data as nodes in a tree-like structure; cloud databases are databases that are hosted and accessed over the internet using cloud computing services; object-oriented databases are databases that store and manage data as objects that have attributes and methods. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.1 Given a scenario, identify common database types.
(Which of the following types of scripting can be executed on a web browser?)
Server-side
PowerShell
Client-side
Command-line
The correct answer is C. Client-side. CompTIA DataSys+ explains that client-side scripting refers to code that is executed directly within the user’s web browser, rather than on a backend server or operating system shell. The most common and widely recognized client-side scripting language is JavaScript, which runs natively in modern web browsers and is used to enhance interactivity, validate input, and dynamically update content on web pages.
Client-side scripts execute after a web page is delivered to the user’s browser. This allows for immediate feedback, such as form validation, dynamic content updates, and interactive user interfaces, without requiring a round trip to the server. DataSys+ highlights client-side scripting as an important concept when discussing web applications that interact with databases, particularly because improper client-side controls can introduce security risks if not reinforced by server-side validation.
Option A, server-side scripting, runs on the web server rather than in the browser. Examples include PHP, Python, Ruby, and server-side JavaScript (such as Node.js). These scripts handle tasks like database queries, authentication, and business logic and are never executed in the browser itself. Option B, PowerShell, is a scripting and automation language used primarily in Windows environments for system and database administration tasks and cannot run inside a web browser. Option D, command-line scripting, refers to scripts executed in a terminal or shell environment, not within a browser context.
CompTIA DataSys+ emphasizes the distinction between client-side and server-side execution models because of their impact on performance, security, and data handling. Understanding where code executes is critical for protecting databases from exposure and enforcing proper validation controls.
Therefore, the type of scripting that can be executed in a web browser is client-side scripting, making option C the correct and fully verified answer.
Which of the following is used to write SQL queries in various programming languages?
Indexing
Object-relational mapping
Excel
Normalization
The option that is used to write SQL queries in various programming languages is object-relational mapping. Object-relational mapping (ORM) is a technique that maps objects in an object-oriented programming language (such as Java, Python, C#, etc.) to tables in a relational database (such as Oracle, MySQL, SQL Server, etc.). ORM allows users to write SQL queries in their preferred programming language without having to deal with the differences or complexities between the two paradigms. ORM also provides users with various benefits such as code reuse, abstraction, validation, etc. The other options are either not related or not effective for this purpose. For example, indexing is a technique that creates data structures that store the values of one or more columns of a table in a sorted order to speed up queries; Excel is a software application that allows users to organize and manipulate data in rows and columns; normalization is a process that organizes data into tables and columns to reduce redundancy and improve consistency. References: CompTIA DataSys+ Course Outline, Domain 1.0 Database Fundamentals, Objective 1.2 Given a scenario, execute database tasks using scripting and programming languages.
An on-premises application server connects to a database in the cloud. Which of the following must be considered to ensure data integrity during transmission?
Bandwidth
Encryption
Redundancy
Masking
The factor that must be considered to ensure data integrity during transmission is encryption. Encryption is a process that transforms data into an unreadable or scrambled form using an algorithm and a key. Encryption helps protect data integrity during transmission by preventing unauthorized access or modification of data by third parties, such as hackers, eavesdroppers, or interceptors. Encryption also helps verify the identity and authenticity of the source and destination of the data using digital signatures or certificates. The other options are either not related or not sufficient for this purpose. For example, bandwidth is the amount of data that can be transmitted over a network in a given time; redundancy is the duplication of data or components to provide backup or alternative sources in case of failure; masking is a technique that replaces sensitive data with fictitious but realistic data to protect its confidentiality or compliance. References: CompTIA DataSys+ Course Outline, Domain 4.0 Data and Database Security, Objective 4.2 Given a scenario, implement security controls for databases.
TESTED 10 Jul 2026
