CompTIA Security+ Practice Test of the Day 260223

Welcome to today’s CompTIA Security+ practice test!


Today’s practice test is based on subdomain 5.3 (Explain the processes associated with third-party risk assessment and management.) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

10 questions • Single best answer
Question 1
Your organization is preparing to migrate sensitive financial data to a cloud-based SaaS provider. Before signing the contract, the procurement team asks the security department to validate that the vendor follows appropriate security controls and complies with industry standards. The legal department also wants contractual protection in case of audit requirements in the future. Which of the following actions BEST ensures the organization can independently verify the vendor’s security posture over time?
Question 2
A security manager at a global enterprise is evaluating a new managed service provider (MSP) that will have administrative access to critical infrastructure systems. As part of due diligence, the organization distributes a detailed questionnaire covering security controls, past incidents, regulatory compliance, and supply chain dependencies. What is the PRIMARY purpose of using vendor questionnaires during the selection phase?
Question 3
Your company relies on a third-party software supplier for a critical authentication platform. A recent industry breach revealed that attackers compromised a vendor’s build environment, inserting malicious code into distributed updates. Senior leadership is now concerned about systemic risk introduced through external dependencies. Which of the following processes would BEST address this concern moving forward?
Question 4
An analyst in a SOC observes that a long-term data processing partner has failed to provide updated compliance attestation reports for two consecutive quarters. The vendor processes regulated personal data subject to international privacy regulations. What is the MOST appropriate next step in third-party risk management?
Question 5
A security administrator at a mid-sized healthcare company is reviewing a new cloud analytics vendor that will process protected health information (PHI). The vendor claims compliance with multiple regulatory frameworks but cannot provide evidence of recent independent assessments. Executive leadership wants assurance that the vendor’s security controls are operating effectively. Which of the following would provide the STRONGEST independent validation of the vendor’s security posture?
Question 6
Your organization is entering a long-term engagement with a data hosting provider. During contract negotiations, the legal team emphasizes the need to formally define confidentiality requirements, liability limitations, data handling procedures, and dispute resolution terms within a single overarching contract. Which of the following agreement types BEST satisfies this requirement?
Question 7
An analyst in a SOC is reviewing third-party risk documentation and notices that a recently onboarded vendor has access to sensitive systems but was never formally evaluated for potential conflicts of interest. The vendor’s parent company competes directly with your organization in another market segment. Which phase of third-party risk management was MOST likely overlooked?
Question 8
Your company contracts a third-party penetration testing firm to assess its external attack surface. Before testing begins, leadership requires documentation defining scope, approved techniques, testing timelines, data handling procedures, and escalation paths if critical vulnerabilities are discovered. Which of the following BEST fulfills this requirement?
Question 9
Your organization relies on a third-party payment processing company to handle customer credit card transactions. During an annual review, the compliance team discovers that the vendor has subcontracted part of its data processing operations to another offshore entity without notifying your organization. Senior leadership is concerned about regulatory exposure and loss of visibility into the extended supply chain. Which of the following actions would BEST reduce this type of third-party risk in the future?
Question 10
A security administrator at a financial services firm is reviewing third-party risk documentation and notes that several vendors are classified as “critical” due to system access and data sensitivity. However, there is no documented process for ongoing evaluation after initial onboarding. Leadership wants to ensure risks are continuously identified and managed throughout the vendor lifecycle. Which of the following BEST addresses this requirement?

Take more CompTIA Security+ practice tests
