CompTIA Security+ (SY0-501) — Question 914

Which of the following is the purpose of an industry-standard framework?

Answer options

• A. To promulgate compliance requirements for sales of common IT systems
• B. To provide legal relief to participating organizations in the event of a security breach
• C. To promulgate security settings on a vendor-by-vendor basis
• D. To provide guidance across common system implementations

Correct answer: D

Explanation

The correct answer, D, highlights that industry-standard frameworks are meant to provide guidance for implementing systems consistently. Options A, B, and C are incorrect because they focus on compliance, legal protections, and vendor-specific settings, which are not the primary purpose of an industry-standard framework.