Dan has written a policy that prohibits employees from sharing their passwords with their coworkers, family members, or others. What type of credential policy has he created?

An administrative account policy

Adam is concerned about malware infecting machines on his network. One of his concerns is that malware would be able to access sensitive system functionality that requires administrative access. What technique would best address this issue?

Using a nonadministrative account for normal activities

Implementing host-based antimalware

Implementing full-disk encryption (FDE)

Making certain the operating systems are patched

What key difference separates pseudonymization and anonymization?

Pseudonymization requires additional data to reidentify the data subject

Anonymization can be reversed using a hash

Pseudonymization uses randomized tokens

Alaina wants to map a common set of controls for cloud services between standards like COBIT (Control Objectives for Information and Related Technology), FedRAMP (Federal Risk and Authorization Management Program), HIPAA (the Health Insurance Portability and Accountability Act of 1996), and others. What can she use to speed up that process?

The CSA's reference architecture

Isaac has been asked to write his organization's security policies. What policy is commonly put in place for service accounts?

They cannot use interactive logins

They must be issued only to system administrators

They must use multifactor authentication

How is asset value determined?

Any of the above based on organizational preference

The depreciated cost of the item

Which of the following is a common security policy for service accounts?

Implementing frequent password expiration

Which of the following does not minimize security breaches committed by internal employees?

Nondisclosure agreements signed by employees

Why are diversity of training techniques an important concept for security program administrators?

Each person responds to training differently

It allows for multiple funding sources

It avoids a single point of failure in training compliance

It is required for compliance with PCI-DSS

CompTIA Security+ Book Practice Test 5

Authored by blackpanther300 blackpanther300

Computers

12th Grade

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

36 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A security administrator is reviewing the company's continuity plan, and it specifies an RTO of four hours and an RPO of one day. Which of the following is the plan describing?

Systems should be restored within one day and should remain operational for at least four hours.

Systems should be restored within four hours and no later than one day after the incident.

Systems should be restored within one day and lose, at most, four hours' worth of data.

Systems should be restored within four hours with a loss of one day's worth of data at most.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following statements is true regarding a data retention policy?

Regulations require financial transactions to be stored for seven years.

Employees must remove and lock up all sensitive and confidential documents when not in use.

It describe a formal process of managing configuration changes made to a network.

It is a legal document that describes a mutual agreement between parties.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

What type of information does a control risk apply to?

Health information

Personally identifiable information (PII)

Financial information

Intellectual property

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You are the IT manager and one of your employees asks who assigns data labels. Which of the following assigns data labels?

Owner

Custodian

Privacy officer

System administrator

MULTIPLE CHOICE QUESTION

1 min • 1 pt

As part of the response to a credit card breach, Sally discovers evidence that individuals in her organization were actively working to steal credit card information and personally identifiable information (PII). She calls the police to engage them for the investigation. What has she done?

Escalated the investigation

Public notification

Outsourced the investigation

Tokenized the data

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following is not a common security policy type?

Acceptable use policy

Social media policy

Password policy

Parking policy

MULTIPLE CHOICE QUESTION

1 min • 1 pt

What law or regulation requires a DPO in organizations?

FISMA

COPPA

PCI-DSS

GDPR

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

32 questions

Microsoft Excel - Formulae

Quiz

•

9th Grade - University

31 questions

Computer 10 Review Activity

Quiz

•

10th Grade - University

40 questions

Unit CC LO2

Quiz

•

12th Grade

35 questions

Evaluasi Ms. Word [Divisi Office-UKM CC]

Quiz

•

7th Grade - University

33 questions

Typography Test Review

Quiz

•

9th - 12th Grade

39 questions

adobe photoshop 2015 certification quiz 1

Quiz

•

9th - 12th Grade

40 questions

Computer Science Pre-Assessment Quiz

Quiz

•

9th - 12th Grade

40 questions

M4ออกแบบเทอม 2

Quiz

•

9th - 12th Grade

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

18 questions

[AP CSP] JavaScript Programming Lesson 2025-2026

Lesson

•

9th - 12th Grade

57 questions

[AP CSP] Unit 5 Review: Internet & Cybersecurity

Quiz

•

9th - 12th Grade

CompTIA Security+ Book Practice Test 5

A security administrator is reviewing the company's continuity plan, and it specifies an RTO of four hours and an RPO of one day. Which of the following is the plan describing?

Which of the following statements is true regarding a data retention policy?

What type of information does a control risk apply to?

You are the IT manager and one of your employees asks who assigns data labels. Which of the following assigns data labels?

As part of the response to a credit card breach, Sally discovers evidence that individuals in her organization were actively working to steal credit card information and personally identifiable information (PII). She calls the police to engage them for the investigation. What has she done?

Which of the following is not a common security policy type?

What law or regulation requires a DPO in organizations?

Which of the following techniques attempts to predict the likelihood a threat will occur and assigns monetary values should a loss occur?

The website that Brian is using shows part of his Social Security number, not all of it, and replacing the rest of the digits with asterisks, allowing him to verify the last four digits. What technique is in use on the website?

Nick is following the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and has completed the prepare and categorize steps. Which step in the risk management framework is next?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers