Domain 5: Security Program Management and Oversight

CompTIA Security+ (SY0-701) · this domain is approximately 20.0% of the exam · 102 practice questions.

Security Program Management and Oversight accounts for about 20% of SY0-701 and focuses on governance, risk, compliance, and data privacy responsibilities. It includes risk management frameworks, policy types, third-party risk assessments, auditing concepts, and regulatory requirements such as GDPR and HIPAA. Exam questions test whether candidates understand how security decisions are driven by business risk tolerance and legal obligations, not just technical controls.

Key concepts

access control, authentication, breach notification, certificate authority, compliance, comptia security+, cryptography, cybersecurity framework, data classification, data privacy, dmz, encryption, firewall, governance, https, identity verification, ids, incident response, information security, information security frameworks, intrusion detection, isms, iso 27001, log management, mfa, network security, network segmentation, nist csf, patch management, pki, risk management, security awareness, security controls, security fundamentals, security guidelines, security monitoring, security+, siem, social engineering, threat detection, threat intelligence, vulnerability management, web security, zero-day

Free practice questions

What is the primary goal of the NIST Cybersecurity Framework?
Free question · easy · full answer + explanation
Which framework provides a comprehensive approach to managing information security within an organization?
Free question · medium · full answer + explanation
What is the purpose of data classification?
Free question · easy · full answer + explanation

Practice all 102 questions in this domain

The full CompTIA Security+ (SY0-701) bank includes 99 more questions in this domain, each with a verified answer and a written explanation.
