CompTIA Security+ (SY0-701) — Question 207

The Chief Information Security Officer (CISO) has determined the company is non-compliant with local data privacy regulations. The CISO needs to justify the budget request for more resources. Which of the following should the CISO present to the board as the direct consequence of non-compliance?

Answer options

Correct answer: A

Explanation

The correct answer is A, as fines are often a direct financial penalty imposed by regulatory bodies for non-compliance with data privacy regulations. While reputational damage (B), sanctions (C), and contractual implications (D) may also result from non-compliance, they are more indirect consequences, not immediate financial penalties.