CompTIA Security+ Governance, Risk, and Compliance Quiz 2

What is the primary goal of risk management in cybersecurity?
A) To eliminate all threats
B) To reduce risk to an acceptable level
C) To monitor user activity
D) To comply with all laws

What type of policy outlines acceptable use of IT resources by employees?
A) Access control policy
B) Acceptable use policy
C) Security awareness policy
D) Incident response policy

Which compliance framework is designed specifically for government agencies in the US?
A) HIPAA
B) PCI-DSS
C) FISMA
D) SOX

What is a security control designed to detect and alert on suspicious activity?
A) Preventive
B) Detective
C) Corrective
D) Compensating

What is the purpose of a security audit?
A) To encrypt data
B) To assess compliance and identify security gaps
C) To implement security policies
D) To destroy old data

Which role is typically responsible for overseeing compliance and risk management within an organization?
A) IT Technician
B) CISO
C) Network Engineer
D) Database Administrator

What is the purpose of access control in a cybersecurity framework?
A) To encrypt all data
B) To limit access to resources based on permissions
C) To monitor user activity
D) To delete unauthorized accounts

Which of the following best describes residual risk?
A) Risk that remains after implementing controls
B) All potential risks in an organization
C) Risk from external sources only
D) Risks that are eliminated through controls

What is the purpose of a data retention policy?
A) To secure data
B) To outline data storage requirements
C) To specify how long data must be kept
D) To delete unnecessary data

What is the purpose of role-based access control (RBAC)?
A) To allow unrestricted access to all users
B) To manage permissions based on roles within an organization
C) To require two-factor authentication
D) To secure all internet access
