Recovery sites — SY0-701
Recovery sites (hot, warm, cold) explained for CompTIA Security+ SY0-701: grounded definitions, key distinctions, and common exam traps.
What it is
A recovery site is an alternative location an organization can activate to resume information system operations after a disruption at the primary facility. Three types appear in the NIST / CNSSI vocabulary and are tested on the exam.
| Site type | NIST / CNSSI definition (verbatim) |
|---|---|
| Hot site | "A fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption." (CNSSI 4009-2015; NIST SP 800-34 Rev. 1) |
| Warm site | "An environmentally conditioned work space that is partially equipped with information systems and telecommunications equipment to support relocated operations in the event of a significant disruption." (CNSSI 4009-2015; NIST SP 800-34 Rev. 1) |
| Cold site | "A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event that the user has to move from their main computing location to an alternate site." (CNSSI 4009-2015; NIST SP 800-34 Rev. 1) |
Mental model
Think of each site type as answering the question: "How much has already been done before disaster strikes?"
- Cold site — the shell is ready; everything else must be brought in.
- Warm site — the shell and some equipment are ready; the rest must be configured or shipped.
- Hot site — fully equipped and operational; staff can switch over and resume work.
The further you move from cold toward hot on that spectrum, the less time it takes to restore operations and, typically, the greater the ongoing cost and complexity of maintaining the site.
When to use it
The exam distinguishes site types primarily by their state of readiness before a disruption occurs.
| Characteristic | Cold site | Warm site | Hot site |
|---|---|---|---|
| Physical infrastructure (power, cooling, cabling) | Present | Present | Present |
| Computer equipment installed | Not present — must be received after the event | Partially installed | Fully installed |
| Software and data ready to run | No | Partially | Yes |
| Activation lead time | Longest | Intermediate | Shortest |
| Typical ongoing maintenance burden | Lowest | Intermediate | Highest |
A question will usually describe a scenario — recovery timeline, budget constraint, or infrastructure state — and ask which site type fits. Anchor your answer to what is physically present before the disruption, not what happens during recovery.
Common misconception
Candidates frequently assume that a warm site is simply a "turned-off" hot site, or that the distinction is only about whether systems are powered on. The NIST/CNSSI definitions correct this: the difference is about what equipment is physically installed and present at the site before any event occurs. A warm site is "partially equipped" — some systems and telecommunications infrastructure are there but not the complete complement. A cold site has the electrical and physical infrastructure but no computer equipment at all. Readiness is a matter of what exists on site, not just what is switched on.
How it shows up on the exam
Questions in this area typically ask candidates to apply the definition to a described scenario rather than recite it. The cognitive target is matching observable characteristics — "no computer equipment on site," "partially equipped," "fully operational" — to the correct term. Signal phrases to notice:
- "No computer equipment installed" or "ready to receive replacement equipment" → cold site
- "Partially equipped with information systems" or "partially equipped with telecommunications equipment" → warm site
- "Fully operational" and "equipped with hardware and software" → hot site
Candidates often conflate the warm and hot site by focusing on whether systems are running rather than whether they are present and installed. The grounded distinction is about the state of equipment at the site, which is the dimension the NIST definitions make explicit.
Related concepts
- High availability — design approach to minimize downtime through redundancy, complementary to recovery site planning
- Geographic dispersion — the principle of separating primary and recovery infrastructure across physical locations to reduce correlated failure risk
- Backups — the data protection mechanism that feeds a recovery site; without current backups, even a hot site cannot restore operations effectively
Sources
Every claim on this page traces to the public exam blueprint and official documentation: