CompTIA Security+ · SY0-701
Objective 5.4: Summarize elements of effective security compliance
Practice questions for Security+ objective 5.4, “Summarize elements of effective security compliance.” Every question is original, written to the SY0-701 exam objectives, and comes with a full explanation — answer them below to see instant grading.
This objective sits in Domain 5.0: Security Program Management and Oversight, which is about 20% of the exam — so mastering it moves your readiness score meaningfully.
1.A financial services regulator revokes a broker-dealer's operating license after repeated compliance failures. Which consequence of non-compliance does this represent?
2.An e-commerce company processes credit card payments directly on its own servers rather than redirecting customers to a third-party payment page. The company stores cardholder data for 18 months to support dispute resolution. A compliance auditor informs the company that their environment is subject to the most rigorous assessment requirements available. Which compliance framework applies, and what is the primary reason the most rigorous requirements are triggered?
3.A multinational organization processes payment card transactions and also operates in the European Union, collecting personal data from EU residents. The organization's compliance team identifies that two regulatory frameworks apply simultaneously to their data environment. One framework requires quarterly network scans, annual penetration testing, and specific encryption standards for cardholder data. The other requires privacy impact assessments, data subject rights management, and breach notification within 72 hours. Which frameworks are described, and what is the key operational distinction in how each framework is enforced?
4.A retail company's website experiences a breach exposing 50,000 EU customers' email addresses and purchase histories. Under GDPR, which immediate obligation does the organization have?
5.Which regulation requires organizations to report personal data breaches to supervisory authorities within 72 hours of becoming aware of the breach?
Practice every objective, adaptively
CertBench tracks your score on 5.4 and every other objective, then builds a daily plan that targets your weakest spots. Start with the free diagnostic.
Take the free diagnostic