Section 5.4

Demonstrate your acquired knowledge about elements of effective security compliance. This will demonstrate your proficiency for section 5.4 of the Security+ SY0-701 objectives.

1 / 25
Which of the following is most likely required after a compliance failure?
License audit
Policy rewrite
Key rotation
RPO tuning

2 / 25
Compliance automation allows organizations to:
Replace SOCs
Reduce MTBF
Detect violations
Shorten patching

3 / 25
What is a key goal of privacy-focused regulations?
Encrypt logs
Minimize audits
Protect subjects
Disable ports

4 / 25
Which best defines the legal implication of a data breach in the EU?
Contract end
Criminal probe
GDPR action
Audit freeze

5 / 25
A global compliance breach may involve:
Local bylaws
Industry logs
International laws
Business units

6 / 25
What should a data inventory document include?
Firmware dates
Traffic filters
Asset owners
Data locations

7 / 25
Reputational harm due to non-compliance often leads to:
Patch delay
License gain
Customer loss
Quota boost

8 / 25
Which role has ultimate responsibility for collected personal data?
Data processor
Custodian
Controller
Engineer

9 / 25
A regional law requiring encryption of PII would be:
SLA clause
Local privacy law
Federal charter
Corporate policy

10 / 25
Why is internal compliance reporting necessary?
Aid external vendors
Satisfy local laws
Inform internal audits
Backup daily logs

11 / 25
What’s the risk of not tracking contractual compliance?
Data loss
Fines
Staffing
Token leak

12 / 25
Which action best supports due care in compliance?
Enable port mirroring
Create staff rosters
Implement DLP
Define test cases

13 / 25
Which is a global privacy regulation example?
HIPAA
CCPA
GDPR
FERPA

14 / 25
What document formally verifies a party has met control objectives?
SLA
NDA
Attestation
Statement

15 / 25
A processor in data terms refers to:
Risk strategist
Legal counsel
Service handler
System architect

16 / 25
Which approach best supports ongoing privacy compliance?
Monthly rollups
Scheduled backups
Automated scans
On-call rotation

17 / 25
What would be a consequence of failing a regulatory audit?
Cloud migration
License renewal
Monetary fine
Backup loss

18 / 25
What compliance risk is most likely when no data retention plan exists?
Legal hold
Data drift
Access bloat
Log spamming

19 / 25
What distinguishes a data controller from a processor?
Network size
Data creation
Processing rules
Role in decisions

20 / 25
The “right to be forgotten” is primarily associated with:
Licensing renewal
Encryption failure
Data removal
Role reassignment

21 / 25
Which of the following is an internal method of monitoring compliance?
Government audit
SOC 2 review
System log checks
External scan

22 / 25
A compliance attestation serves what primary function?
Triggers alerts
Reduces logs
Confirms actions
Stores evidence

23 / 25
What is the result of repeated non-compliance with external laws?
Loss of license
Internal audits
Revenue growth
Hardware failure
Answer: A

24 / 25
Which compliance risk has the most long-term reputational impact?
System downtime
Access delays
Privacy breach
Staffing issues

25 / 25
What is the primary purpose of compliance reporting?
Estimate market value
Track device uptime
Demonstrate adherence
Optimize staff tasks