CompTIA Security+ Practice Test of the Day 260405

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 5.1 (Summarize elements of effective security governance) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260405

10 questions • Single best answer

Question 1

A newly hired analyst at a defense contractor must review and sign a document before receiving network credentials. The document defines permitted system uses, internet access rules, prohibited activities, and disciplinary consequences for violations. Which policy type does this document represent?

A. Information security policy B. Acceptable use policy (AUP) C. Business continuity policy D. Change management procedure

Question 2

A CISO is building a security governance framework and publishes a document offering recommended secure coding practices and preferred configuration patterns for developers. The document is advisory — there are no mandatory requirements or disciplinary consequences for non-compliance. Which governance element BEST describes this document?

A. Policy B. Standard C. Guideline D. Procedure

Question 3

A retail company's governance committee is reviewing its policy library. One document defines the organization's commitment to maintaining critical business functions during extended disruptions — assigning executive responsibilities, establishing recovery priorities, and mandating tested continuity plans. Which policy type does this document represent?

A. Disaster recovery policy B. Incident response policy C. Business continuity policy D. Change management policy

Question 4

A global enterprise allows each regional office to independently set security policies, manage local IT systems, and make security decisions without requiring headquarters approval. Which governance structure does this BEST describe?

A. Centralized governance B. Committee-based governance C. Decentralized governance D. Board-level governance

Question 5

At a financial institution, the HR director is assigned accountability for determining who may access employee records and how long they are retained. The database administrator is assigned responsibility for implementing those decisions — applying access controls and managing backups. Which roles are being assigned, respectively?

A. Data processor and data controller B. Data owner and data custodian C. Data steward and data processor D. Data controller and data owner

Question 6

An IT auditor finds that the organization has no enforceable minimum password requirements — configuration varies by system administrator from 6 to 20 characters with no complexity rules. Which governance element should the organization implement to resolve this inconsistency?

A. Acceptable use policy B. Password guideline C. Password standard D. Access control procedure

Question 7

A help desk manager reports that a contractor whose engagement ended three weeks ago still has active VPN credentials and email access. The contractor's manager never submitted a termination request to IT. Which security governance procedure, if properly followed, would have MOST directly prevented this exposure?

A. Change management procedure B. Incident response playbook C. Onboarding/offboarding procedure D. Periodic access review

Question 8

The CISO of a publicly traded financial services company is mapping external drivers to required security controls. She identifies requirements imposed by the SEC, FINRA, and state financial regulators. Which category of external governance considerations do these requirements fall under?

A. Industry considerations B. Legal considerations C. Regulatory considerations D. National considerations

Question 9

A network engineer applied a firewall rule change directly to a production device without a ticket, review, or approval — causing an unintended outage. Which governance element, if implemented, would have MOST directly required the engineer to seek authorization before making the change?

A. Configuration management standard B. Change management policy C. Incident response procedure D. Access control standard

Question 10

A SOC analyst receives a C2 beacon alert for a workstation. She opens a document with sequential steps: isolate the host, capture forensic artifacts, notify the IR team, and escalate per defined criteria. Which governance element is the analyst using?