CompTIA Security+ Practice Test of the Day 082225

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 5.4 (Summarize elements of effective security compliance) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 082225

10 questions • Single best answer

Question 1

A healthcare organization is fined $2.1 million by HHS after an audit reveals it failed to encrypt patient data on portable devices, violating HIPAA Security Rule requirements. What consequence of non-compliance does this illustrate?

A. Reputational damage B. Contractual impact C. Loss of license D. Financial fine

Question 2

An EU resident submits a formal request to an online retailer demanding that all personal data the company holds about them — purchase history, browsing data, and profile information — be permanently deleted from all systems. The privacy officer processes and fulfills the request. What privacy right is being exercised?

A. Data portability B. Consent withdrawal C. Right to be forgotten D. Data subject access request

Question 3

A payment processor undergoes its annual PCI DSS assessment conducted by a Qualified Security Assessor (QSA) who validates controls and submits a Report on Compliance to the payment card brands. What type of compliance reporting is this?

A. Internal compliance reporting B. Automated compliance monitoring C. Attestation only D. External compliance reporting

Question 4

A hospital stores patient imaging data on unencrypted servers for three years, violating HIPAA. A major news outlet publishes a story about the violation, causing patient trust to decline and resulting in a significant loss of new patient referrals. What non-compliance consequence does this illustrate?

A. Financial fine B. Loss of license C. Contractual impact D. Reputational damage

Question 5

Under GDPR, a person whose personal data is collected and processed by an organization — such as a customer whose purchase history and browsing data are stored — is referred to as what?

A. Data controller B. Data processor C. Data subject D. Data owner

Question 6

Rather than relying on quarterly manual audits, an organization deploys tools that continuously scan for configuration drift, monitor access control changes, and alert when systems fall out of compliance with security standards in real time. What compliance monitoring approach is this?

A. Attestation and acknowledgement B. External regulatory examination C. Automated compliance monitoring D. Internal due diligence review

Question 7

A company's cloud provider contract includes a clause stating that if a data breach occurs due to the provider's negligence, the company may terminate immediately without penalty and pursue damages. After a breach, the company invokes this clause. What non-compliance consequence is this?

A. Regulatory fine B. Reputational damage C. Loss of authorization D. Contractual impact

Question 8

A medical device company in California must simultaneously comply with HIPAA (federal), CCPA (state), and GDPR (EU) for different customer populations. Each framework has different requirements for data retention, consent, and breach notification. What compliance concept does navigating all three simultaneously illustrate?

A. Data subject rights management B. Internal vs. external reporting requirements C. Multi-jurisdictional privacy legal implications D. Due diligence and care obligations

Question 9

A compliance officer requires all employees with access to cardholder data to annually read, sign, and return a form confirming they have reviewed and understood the company's PCI DSS data handling policies and their individual responsibilities. What compliance practice does this represent?

A. Internal compliance audit B. External regulatory examination C. Attestation and acknowledgement D. Automated compliance monitoring

Question 10

A SaaS company loses its FedRAMP authorization after failing to remediate critical findings from a continuous monitoring report within the required timeframe. Federal agencies are immediately prohibited from using the software. What non-compliance consequence does this represent?

A. Financial fine B. Reputational damage only C. Contractual impact D. Loss of license/authorization

CompTIA Security+ Practice Test of the Day 082225

Related Posts