CompTIA Security+ Governance, Risk, and Compliance Quiz 1

What is the purpose of a risk assessment?
A) To eliminate all risks
B) To identify, assess, and prioritize risks
C) To prevent all attacks
D) To configure network devices

Which of the following best describes governance in a cybersecurity context?
A) Setting up firewalls
B) Establishing policies and procedures for security
C) Installing antivirus software
D) Running vulnerability scans

Which type of compliance standard is designed to protect cardholder data?
A) HIPAA
B) PCI-DSS
C) SOX
D) FISMA

What is the purpose of data classification?
A) To ensure all data is public
B) To categorize data based on sensitivity
C) To identify malware
D) To encrypt data

Which of the following is an example of a preventive control?
A) Audit logs
B) Intrusion detection systems
C) Security policies
D) Firewalls

Which framework is commonly used for managing cybersecurity risks in the United States?
A) ISO 9001
B) NIST CSF
C) CMMI
D) IEEE 802.11

What is the purpose of a business continuity plan?
A) To create a network map
B) To ensure operations can continue during a disruption
C) To encrypt data
D) To perform risk assessments

Which document defines roles and responsibilities in an organization’s security policy?
A) Risk Assessment
B) Security Policy
C) Audit Report
D) Access Control List

Which type of control aims to reduce the impact of a security incident after it occurs?
A) Preventive
B) Detective
C) Corrective
D) Deterrent

What is the primary goal of risk mitigation?
A) To identify risks
B) To reduce risk to an acceptable level
C) To transfer all risks
D) To eliminate risks completely
