CompTIA Security+ Practice Test of the Day 070425

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 5.1 (Summarize elements of effective security governance) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 070425

10 questions • Single best answer

Question 1

During onboarding, a new employee signs a document outlining permitted and prohibited uses of company IT assets — including restrictions on personal email, social media use, and software installation on company devices. What governance document is this?

A. Information security policy B. Change management procedure C. Acceptable use policy (AUP) D. Incident response plan

Question 2

An IT department documents the exact sequence of steps for removing a departing employee's system access, collecting company equipment, revoking physical badges, and archiving their files. What type of governance document provides these step-by-step instructions?

A. Policy B. Standard C. Guideline D. Procedure

Question 3

A U.S. healthcare company must simultaneously comply with HIPAA, state privacy laws, and EU GDPR for its international patients. Each framework imposes different security and privacy requirements. What governance consideration do these frameworks represent?

A. Internal standards B. External regulatory considerations C. Industry guidelines D. Organizational policies

Question 4

A data processing company processes personal data on behalf of its clients. The clients determine what data is collected, why it is collected, and how it is used. The processor follows those instructions without having authority over the purpose of processing. Under GDPR, what role does the data processing company hold?

A. Data owner B. Data controller C. Data processor D. Data custodian

Question 5

A multinational organization distributes security governance authority to regional business units, each of which sets security policies tailored to their local regulatory environment and risk profile rather than following a single global standard. What type of governance structure is this?

A. Centralized governance B. Board-level governance C. Decentralized governance D. Committee-driven governance

Question 6

When a security incident occurs, the IR team follows a detailed, step-by-step document that specifies exactly who does what in what order for each incident type — including escalation contacts, communication templates, and decision trees. What governance document is this?

A. Incident response policy B. Business continuity plan C. Playbook D. Standard operating procedure

Question 7

A CISO issues a mandatory requirement that all corporate user accounts must have passwords of at least 14 characters, include at least one number and one special character, and must not be the same as any of the 12 previous passwords. What type of governance document establishes these measurable requirements?

A. Policy B. Guideline C. Standard D. Procedure

Question 8

A department head is designated as the person accountable for defining the business purpose, appropriate uses, and required protection level of the customer database within their department. They approve access requests and determine how long the data must be retained. What data governance role do they hold?

A. Data processor B. Data custodian/steward C. Data controller D. Data owner

Question 9

A document states: 'The organization is committed to protecting all information assets from unauthorized access, ensuring compliance with applicable laws, and maintaining the confidentiality, integrity, and availability of business-critical data.' The document sets direction but specifies no technical controls. What type of governance document is this?

A. Standard B. Procedure C. Guideline D. Policy

Question 10

The IT security team is responsible for implementing and maintaining the encryption, access controls, backup systems, and monitoring tools that protect the customer database. They do not determine what data is collected or how it is used. What data governance role does the IT team fulfill?

A. Data owner B. Data controller C. Data processor D. Data custodian/steward

CompTIA Security+ Practice Test of the Day 070425

Related Posts