CompTIA Security+ Practice Test of the Day 260224

Question 1

Your organization processes payment card data and is preparing for an upcoming external compliance review. A security administrator is tasked with ensuring that executives formally acknowledge adherence to required regulatory controls and accept responsibility for maintaining them. The administrator wants documented confirmation that leadership affirms compliance with applicable standards. Which of the following BEST satisfies this requirement?

A. Independent third-party audit B. Attestation C. Vulnerability assessment D. Right-to-audit clause

Question 2

An analyst in a SOC observes that a multinational organization stores personal data belonging to customers in multiple countries. Regulators in one region require that citizens' personal data remain within national borders and grant individuals the right to request deletion of their data. The compliance team must ensure policies align with these legal requirements. Which of the following concepts is MOST directly related to this requirement?

A. Data sovereignty B. Data masking C. Tokenization D. Hashing

Question 3

Your company recently failed a compliance review due to inconsistent enforcement of internal security policies. Senior leadership now requires continuous tracking of control effectiveness and automated alerts when compliance deviations occur. The goal is to demonstrate ongoing due care and due diligence. Which of the following BEST addresses this requirement?

A. Annual penetration testing B. Compliance monitoring with automation C. One-time risk assessment D. Tabletop incident response exercise

Question 4

A cloud service provider processes customer data on behalf of several clients. During a regulatory review, auditors request clarification regarding whether the provider determines how personal data is processed or simply handles data under client instruction. The distinction affects legal accountability and reporting obligations. Which of the following roles BEST describes the cloud provider if it only processes data according to client direction?

A. Data owner B. Data controller C. Data processor D. Data custodian

Question 5

Your organization operates in the healthcare sector and is subject to national privacy regulations. During an internal compliance review, auditors request documentation demonstrating that employees formally acknowledge privacy policies and understand their responsibilities when handling regulated data. Leadership wants proof that personnel have reviewed and agreed to required controls. Which of the following BEST satisfies this requirement?

A. Attestation and acknowledgement B. Risk register update C. Vulnerability scan report D. Independent penetration test

Question 6

An analyst in a SOC supports a global organization that must submit periodic reports to a government regulator demonstrating compliance with industry-specific security standards. The reports must be formally submitted outside the organization and reviewed by regulatory authorities. Which of the following BEST describes this type of compliance reporting?

A. Internal compliance reporting B. Self-assessment C. External compliance reporting D. Internal audit committee review

Question 7

Your company recently expanded into a new region with strict privacy legislation. Legal counsel advises that individuals must be informed about how their personal data is collected, used, retained, and shared. The organization must also clearly define whether it determines processing purposes or processes data on behalf of another entity. Which of the following compliance elements is MOST directly related to this scenario?

A. Data subject rights and controller responsibilities B. Encryption key rotation schedule C. Network segmentation policy D. Mean time to repair (MTTR) metrics

Question 8

Your organization is preparing for a regulatory examination. The compliance officer wants to demonstrate that the company not only implemented required controls but also exercised due diligence in maintaining them through consistent oversight and validation activities. Which of the following BEST demonstrates due diligence in a compliance program?

A. Conducting compliance monitoring with periodic internal reviews B. Purchasing cyber insurance C. Implementing a one-time security awareness campaign D. Signing a memorandum of understanding (MOU)

Question 9

Your organization recently experienced reputational damage after failing to comply with a regional data protection law. Regulators imposed financial penalties and temporarily suspended the company’s ability to process certain types of personal information. Executive leadership now wants to clearly understand the potential organizational impact of future compliance failures. Which of the following BEST represents a consequence of non-compliance?

A. Increased mean time between failures (MTBF) B. Regulatory fines and sanctions C. Improved risk appetite alignment D. Expanded security awareness training

Question 10

An analyst in a SOC works for an organization that must demonstrate accountability for how sensitive data is collected, stored, and retained. During an internal compliance audit, reviewers ask for documentation identifying what data the company possesses, where it resides, how long it is retained, and who is responsible for managing it. Which of the following compliance elements BEST addresses this requirement?

A. Data inventory and retention policy B. Business continuity testing schedule C. Incident response playbook D. Network intrusion detection deployment

CompTIA Security+ Practice Test of the Day 260224

ByThe Test Master

Related Post

CompTIA Security+ Practice Test of the Day 260410

CompTIA Security+ Practice Test of the Day 260409

CompTIA Security+ Practice Test of the Day 260408

Leave a Reply Cancel reply

You missed

CEH v13 Domain 3.3 Practice Test 002

CEH v13 Domain 3.2 Practice Test 002

CEH v13 Domain 3.1 Practice Test 002

CEH v13 Domain 2.3 Practice Test 002