Power resilience — SY0-701
Learn what power resilience means for the CompTIA Security+ SY0-701 exam: UPS, fault tolerance, and how they protect availability in security architecture.
What it is
Power resilience is the capacity of a system or facility to maintain continuous, reliable electrical supply to critical assets — absorbing power interruptions, degrading gracefully, and recovering operations — so that availability is preserved during adverse conditions.
The concept draws from two grounded NIST pillars. First, availability: "ensuring timely and reliable access to and use of information" (FIPS 200). Second, resilience: "the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruption" (NIST SP 800-160 Vol. 2 Rev. 1, citing OMB Circular A-130 2016). Power resilience is the intersection of those two properties applied specifically to electrical infrastructure.
Mental model
Think of power resilience as a layered buffer between the commercial grid and your equipment.
Each layer addresses a different failure mode and a different time horizon. No single layer is sufficient on its own; depth is the design goal.
When to use it
Power resilience controls are chosen based on what threat they address and the duration of coverage required. A common point of confusion is treating all power controls as interchangeable. They are not.
| Control | What it addresses | Time horizon | Primary NIST anchor |
|---|---|---|---|
| Uninterruptible Power Supply (UPS) | Immediate loss of primary power; allows connected devices to run for at least a short time when the primary power source is lost | Short (bridging gap) | NISTIR 7621 Rev. 1 |
| Fault-tolerant design | Component-level failure; allows proper operation even if components fail | Continuous | NISTIR 8202 |
| Redundant power feeds | Single-feed failure; eliminates a single point of failure | Continuous | Resilience / availability principles |
| Contingency / recovery plan | Extended outage requiring alternate-site operations | Extended | NIST SP 800-34 Rev. 1 |
Select the control to match the threat duration and recovery time objective — not just the one that sounds most robust.
Common misconception
A UPS alone equals power resilience.
A UPS is defined as "a device with an internal battery that allows connected devices to run for at least a short time when the primary power source is lost" (NISTIR 7621 Rev. 1). The key phrase is "at least a short time": a UPS is a bridging device, not a long-term power source. Resilience, by contrast, requires the ability to "withstand and recover rapidly from disruption" (NIST SP 800-160 Vol. 2 Rev. 1). A single UPS with no generator, no redundant feed, and no contingency plan does not satisfy that wider definition. Candidates who conflate "has a UPS" with "is power-resilient" will mis-select answers when a scenario describes a prolonged outage or a need for sustained operations.
How it shows up on the exam
The cognitive target is application: given a scenario describing a specific power threat, identify the appropriate control or diagnose why an existing control is insufficient.
Signal phrases to watch for in stems:
- "brief outage" or "power fluctuation" — points toward UPS or power conditioning as the relevant control.
- "extended power loss" — a UPS alone is not the full answer; look for generator or alternate-feed options.
- "single point of failure" — the exam may probe whether you recognize that a single power feed, even with a UPS on it, can be a single point of failure.
- "continue operations" — ties back to availability: "ensuring timely and reliable access to and use of information" (FIPS 200); the control must match the required duration.
- "fault tolerance" — candidates sometimes assume fault tolerance implies power resilience; fault tolerance is "a property of a system that allows proper operation even if components fail" (NISTIR 8202), which addresses component failure, not necessarily power-supply failure.
A common misconception the exam exploits: treating resilience as synonymous with redundancy. Resilience requires the ability to anticipate, absorb, adapt, and recover across the full event lifecycle; redundancy addresses only the failure moment itself.
Related concepts
- High availability — a failover feature to ensure availability during device or component interruptions; often confused with power resilience because both target uptime, but HA is a system-architecture property while power resilience is an infrastructure-supply property.
- Recovery sites — alternate facilities invoked when primary-site power or infrastructure cannot be restored within the mission timeframe; the contingency plan layer that extends beyond on-site power resilience.
- Geographic dispersion — distributing assets across locations so that a regional power event cannot simultaneously affect all replicas; the architectural strategy that makes power resilience scale beyond a single facility.
Sources
Every claim on this page traces to the public exam blueprint and official documentation: