CompTIA Security+ Practice Test of the Day 260221

Question 1

Your organization is expanding into multiple international markets and must align its security governance structure with regulatory requirements across different regions. The executive board wants formal oversight of cybersecurity strategy, risk posture, and compliance reporting. Currently, security decisions are made informally by IT managers without documented accountability or structured review. Which governance structure would BEST provide centralized oversight and executive accountability for security strategy?

A. Establishing a decentralized security champion program within each department B. Creating a cross-functional security steering committee reporting to the board C. Delegating security oversight entirely to the infrastructure operations team D. Outsourcing governance responsibilities to a managed security service provider (MSSP)

Question 2

A security administrator at a global healthcare company is reviewing documentation related to data handling. The organization already has an Acceptable Use Policy (AUP), but auditors found inconsistencies in password complexity requirements across departments. The CISO wants a document that defines specific technical requirements for password length, reuse, and expiration that must be uniformly enforced. Which governance document should the organization implement to address this issue?

A. Procedure B. Guideline C. Standard D. Playbook

Question 3

An analyst in a SOC observes that security policies are reviewed only after major incidents occur. Several policies reference outdated technologies and no longer reflect the organization’s hybrid cloud architecture. Senior leadership wants to ensure policies remain aligned with evolving risks and business operations. Which governance practice would BEST address this concern?

A. Implementing automated vulnerability scanning B. Establishing a recurring policy review and revision schedule C. Conducting annual penetration tests D. Requiring employees to re-sign the AUP each year

Question 4

Your company processes customer data on behalf of multiple enterprise clients. During a compliance review, auditors request clarification regarding roles and responsibilities for system ownership, data classification, and data handling decisions. There is confusion between the IT department and the legal department about who determines data retention requirements. Which role is primarily responsible for determining data classification and retention requirements?

A. Data custodian B. Data owner C. Data processor D. System administrator

Question 5

A security administrator at a mid-sized financial services company discovers that different departments are developing their own informal onboarding checklists for new hires. Some departments immediately grant privileged access, while others delay access provisioning. Leadership is concerned about inconsistent enforcement of security requirements and potential compliance violations. Which governance element would BEST ensure consistent and secure onboarding practices across the organization?

A. Implementing a formal onboarding procedure aligned with security policies B. Publishing a password guideline for managers to follow C. Conducting quarterly vulnerability scans D. Allowing department heads to determine access requirements independently

Question 6

Your organization is drafting an updated Information Security Policy. The legal department insists that the document reflect national data protection regulations and relevant industry standards. Executive leadership also wants the policy to align with global privacy obligations due to international customers. Which external governance considerations must be incorporated into the policy?

A. Internal help desk metrics and ticket response times B. Regulatory, legal, industry, and global requirements C. Vendor service-level agreements (SLAs) only D. Network performance baselines and capacity planning data

Question 7

An analyst in a SOC notices that employees frequently bypass documented change management processes when deploying cloud resources. This has led to undocumented firewall rule changes and inconsistent logging configurations. The organization has a change management policy but lacks enforcement clarity. Which governance document would provide detailed, step-by-step instructions for submitting, reviewing, approving, and documenting changes?

A. Standard B. Guideline C. Procedure D. Framework

Question 8

Your company stores intellectual property, regulated health records, and public marketing materials. During a governance audit, leadership asks for clarification on who is responsible for maintaining security controls versus defining classification levels and access requirements. The security team currently manages storage systems, while executives define data sensitivity. Which role is responsible for implementing and maintaining the security controls that protect the data?

A. Data owner B. Data controller C. Data custodian D. Board of directors

Question 9

A security administrator at a rapidly growing technology company notices that multiple departments are creating informal documentation to guide secure software development. Some teams follow secure coding checklists, while others rely on individual developer discretion. The CISO wants to formalize governance around development security to ensure consistent oversight and risk management throughout the lifecycle. Which governance policy should be formally established to address this requirement?

A. Incident Response Policy B. Software Development Lifecycle (SDLC) Policy C. Acceptable Use Policy (AUP) D. Disaster Recovery Policy

Question 10

Your organization operates in a highly regulated industry and must demonstrate executive oversight of cybersecurity risk. The board of directors requests structured reporting on security posture, policy compliance, and risk thresholds. Currently, reports are generated inconsistently by IT without standardized review processes. Which governance practice would BEST ensure accountability and structured oversight at the executive level?

A. Implementing automated endpoint detection and response (EDR) tools B. Creating a formal governance structure with defined board and committee reporting responsibilities C. Delegating compliance tracking to system administrators D. Increasing the frequency of penetration testing engagements

CompTIA Security+ Practice Test of the Day 260221

ByThe Test Master

Related Post

CompTIA Security+ Practice Test of the Day 260410

CompTIA Security+ Practice Test of the Day 260409

CompTIA Security+ Practice Test of the Day 260408

Leave a Reply Cancel reply

You missed

CEH v13 Domain 3.3 Practice Test 002

CEH v13 Domain 3.2 Practice Test 002

CEH v13 Domain 3.1 Practice Test 002

CEH v13 Domain 2.3 Practice Test 002