CompTIA Security+ Practice Test of the Day 260525

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 5.1 (Summarize elements of effective security governance) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260525

10 questions • Single best answer

Question 1

The CISO of a regional bank is formalizing the organization's security program. She needs a document that defines acceptable behaviors for how employees may use company-owned devices and internet access. Which governance document is she creating?

A. Information security policy B. Acceptable use policy (AUP) C. Change management procedure D. Business continuity plan

Question 2

An organization is updating its security governance framework. The security team identifies that the password policy specifies a minimum of 12 characters with complexity requirements. Which governance tier does a password policy fall under?

A. Guideline B. Procedure C. Standard D. Policy

Question 3

A global enterprise must comply with GDPR in Europe, HIPAA in the US, and local privacy laws in Southeast Asia. When developing its security governance framework, which category of external considerations does this represent?

A. Industry standards B. Regulatory and legal considerations C. Internal audit requirements D. Centralized governance mandates

Question 4

A cloud provider processes customer health data on behalf of a hospital system. Under data governance principles, how are the hospital and cloud provider BEST classified?

A. The hospital is the processor; the cloud provider is the controller B. Both the hospital and cloud provider are data owners C. The hospital is the controller; the cloud provider is the processor D. The hospital is the custodian; the cloud provider is the steward

Question 5

A security governance committee is reviewing the organization's policies after a major industry regulation change. After updating the policies, what governance activity must immediately follow to ensure ongoing effectiveness?

A. Conduct a tabletop exercise to test the new policies B. Perform monitoring and revision of the updated policies C. Publish the updated policies to all employees D. Request an external audit to validate the changes

Question 6

An organization's IT department wants to deploy a new application without formal review by the security or change management teams. This action is BEST described as what type of governance risk?

A. Shadow IT B. Privilege escalation C. Insider threat D. Policy exception

Question 7

An employee leaves a company. The HR and IT teams follow a documented process that includes revoking access, returning equipment, and conducting an exit interview. Which governance document formally defines these steps?

A. Incident response policy B. Acceptable use policy C. Offboarding procedure D. Data classification standard

Question 8

A governance board at a healthcare organization is composed of department heads, legal counsel, compliance officers, and the CISO. They meet quarterly to review security posture and approve major security investments. What type of governance structure does this represent?

A. Decentralized governance B. Government entity oversight C. A governance committee D. An audit board

Question 9

A software company's security policy requires that all code changes go through peer review, testing, and staged deployment before production release. This policy is MOST closely associated with which governance area?

A. Disaster recovery policy B. Software development lifecycle (SDLC) policy C. Incident response policy D. Business continuity policy

Question 10

A data custodian at a financial firm is responsible for maintaining databases, applying patches, and performing backups. A data owner is responsible for approving who can access the data. Which governance principle do these distinct roles reflect?