CompTIA Security+ Practice Test of the Day 260528

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 5.4 (Summarize elements of effective security compliance) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260528

10 questions • Single best answer

Question 1

A compliance officer at a financial services firm must submit a report to federal banking regulators within 36 hours of discovering a cybersecurity incident. This obligation is an example of which type of compliance reporting?

A. Internal compliance reporting B. External compliance reporting C. Attestation reporting D. Due diligence reporting

Question 2

An e-commerce company is found to have collected EU customer data without a lawful basis under GDPR. The supervisory authority levies a €15 million monetary penalty against the company. Which consequence of non-compliance does this represent?

A. Sanction B. Contractual impact C. Fine D. Loss of license

Question 3

Before contracting a new payroll software vendor, a security team reviews the vendor's SOC 2 Type II report, security policies, and personnel background check procedures. This activity is best described as:

A. Due care B. Attestation C. Due diligence D. Compliance monitoring

Question 4

A SaaS company processes health records on behalf of hospital clients. The hospitals define what data is collected and the purpose of processing. Under GDPR, how are the SaaS company and the hospitals classified?

A. Both are data controllers B. SaaS company is the data controller; hospitals are data processors C. SaaS company is the data processor; hospitals are data controllers D. Both are data subjects

Question 5

A defense contractor fails a CMMC audit. The Department of Defense suspends the company from bidding on new federal contracts for 18 months due to inadequate data protection practices. Which non-compliance consequence does this illustrate?

A. Fine B. Reputational damage C. Contractual impact D. Sanction

Question 6

Each quarter, employees at a global bank must digitally sign a form confirming they have read, understood, and are complying with the information security policy. This process is an example of:

A. External compliance reporting B. Due diligence C. Attestation and acknowledgement D. Automated compliance monitoring

Question 7

An EU citizen submits a formal request to a retailer asking to access all personal data the retailer holds about them and to have it permanently deleted. In this scenario, the EU citizen is best described as the:

A. Data controller B. Data processor C. Data subject D. Data custodian

Question 8

A GRC platform automatically scans all corporate endpoints daily, flags policy violations, and populates compliance dashboards without analyst intervention. This reflects which compliance monitoring approach?

A. Attestation B. Internal audit C. Due care D. Automation

Question 9

An MSSP's contract requires it to maintain ISO 27001 certification throughout the engagement. After losing certification, the client invokes a compensation clause. Which consequence of non-compliance is this?

A. Sanction B. Loss of license C. Fine D. Contractual impact

Question 10

A payment card processor is repeatedly found non-compliant with PCI DSS. Visa and Mastercard revoke the company's authorization to process card transactions. Which consequence of non-compliance does this represent?