CompTIA Security+ Practice Test of the Day 260407

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 5.3 (Explain the processes associated with third-party risk assessment and management) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260407

10 questions • Single best answer

Question 1

A cloud vendor refuses to allow a financial institution's security team to directly review its controls. The institution wants independent verification without waiting for the vendor's annual self-report. Which contract provision would have formally authorized this review?

A. Non-disclosure agreement B. Right-to-audit clause C. Service-level agreement D. Memorandum of understanding

Question 2

Before sharing proprietary threat intelligence and internal network architecture diagrams with a new security consulting firm, an organization requires the firm's principals to sign a legally binding agreement preventing disclosure to third parties. Which agreement type is being used?

A. Service-level agreement B. Master service agreement C. Non-disclosure agreement D. Business partners agreement

Question 3

An MSSP commits in writing to respond to critical security alerts within 15 minutes, resolve P1 incidents within 4 hours, and maintain 99.9% portal availability. Which agreement type captures these commitments?

A. Memorandum of understanding B. Master service agreement C. Service-level agreement D. Statement of work

Question 4

Two government agencies sign a document outlining their intent to share cybersecurity threat data and coordinate incident response. The document is not legally binding and carries no financial obligations. Which agreement type does this describe?

A. Service-level agreement B. Business partners agreement C. Memorandum of agreement D. Memorandum of understanding

Question 5

A hardware manufacturer discovers that firmware on components sourced from a third-party supplier contains an undocumented backdoor. Which vendor assessment activity, if performed before procurement, would have MOST directly identified this risk?

A. Penetration testing of vendor web applications B. Supply chain analysis C. Review of vendor SLA compliance D. Vendor questionnaire

Question 6

Before contracting with a cloud storage provider to host patient health records, a hospital's security team reviews the provider's SOC 2 Type II reports, conducts a security architecture review, verifies certifications, and checks for prior regulatory violations. Which vendor selection activity is this?

A. Rules of engagement B. Conflict of interest review C. Due diligence D. Right-to-audit exercise

Question 7

Two companies enter a formal long-term agreement defining profit-sharing arrangements, joint marketing responsibilities, co-branding permissions, and dispute escalation procedures. Which agreement type does this represent?

A. Master service agreement B. Business partners agreement C. Statement of work D. Memorandum of understanding

Question 8

A financial institution has 47 active vendor contracts. The vendor risk team conducts quarterly security reviews, tracks vendors through an automated security ratings platform, and receives alerts when vendors experience data breaches. Which third-party risk process does this describe?

A. Vendor assessment B. Vendor due diligence C. Supply chain analysis D. Vendor monitoring

Question 9

A consulting firm is engaged for a 90-day security architecture review. The contract specifies the tasks to be completed, deliverables (a written report and executive presentation), the schedule, and the daily billing rate. Which agreement governs these project specifics?

A. Master service agreement B. Memorandum of agreement C. Non-disclosure agreement D. Statement of work

Question 10

A company evaluating cloud security vendors discovers that its procurement officer's spouse is a senior sales executive at one of the finalist vendors. The ethics committee is notified. Which vendor selection concern does this raise?