Security Program Management and Oversight Questions

Practice questions for the Security Program Management and Oversight topic in CompTIA Security+. 20 questions covering this domain.

20 questions: 2 easy, 10 medium, 8 hard
Q1
hard

An organization experiences a significant data breach. During the incident response review, it is discovered that a key third-party vendor had access ...

Q2
medium

During a security audit, an auditor requests evidence that an organization's security controls are operating effectively. The organization provides sy...

Q3
medium

Which security governance document defines the high-level expectations for how employees must handle sensitive data, including rules around data class...

Q4
hard

A healthcare organization is implementing a new patient records system that will store protected health information (PHI). Which regulation MOST direc...

Q5
medium

A company has identified that a critical server has a known vulnerability that would be extremely costly to patch. Management decides to purchase cybe...

Q6
medium

A security awareness program sends simulated phishing emails to employees and tracks who clicks the links. Employees who click are automatically enrol...

Q7
hard

An organization outsources its cloud hosting to a third-party provider. The provider experiences a data breach affecting the organization's customer d...

Q8
easy

Which term describes the process of identifying, analyzing, and responding to potential risks to an organization's information assets?

Q9
medium

An organization is subject to the Payment Card Industry Data Security Standard (PCI DSS). Which action is required when they discover that a business ...

Q10
medium

An organization wants to establish a formal process for managing security-related changes to production systems, requiring documentation, testing, and...

Q11
hard

An organization operating in the European Union collects personal data from customers. A customer requests that all their personal data be deleted. Un...

Q12
hard

An organization must comply with multiple regulatory frameworks simultaneously, including PCI DSS, HIPAA, and state privacy laws. Which approach MOST ...

Q13
medium

An organization uses the NIST Cybersecurity Framework (CSF) to structure its security program. Which core function focuses on understanding the organi...

Q14
medium

A company performs a security risk assessment and determines that the likelihood of a specific threat exploiting a vulnerability is low, but the poten...

Q15
hard

An organization is developing a security metrics program to report to executive leadership. Which metric MOST effectively demonstrates the operational...

Q16
hard

An organization is developing a supply chain risk management program for its software vendors. Which control MOST effectively verifies that the softwa...

Q17
hard

An organization is contracting a cloud provider to process sensitive customer data. Which legal document defines the specific security and privacy obl...

Q18
medium

An employee is terminated and their access to all corporate systems should be immediately removed. Which security process governs this activity?

Q19
easy

Which document provides a high-level framework for an organization's overall approach to information security, defining the principles and goals that ...

Q20
medium

An organization conducts a business impact analysis (BIA) as part of its business continuity planning. What is the PRIMARY output of a BIA?
