CompTIA Security+ (SY0-701) — Question 304

A company processes and stores sensitive data on its own systems. Which of the following steps should the company take first to ensure compliance with privacy regulations?

Answer options

• A. Implement access controls and encryption.
• B. Develop and provide training on data protection policies.
• C. Create incident response and disaster recovery plans.
• D. Purchase and install security software.

Correct answer: A

Explanation

The correct answer is A, as implementing access controls and encryption directly protects sensitive data, which is essential for compliance. Options B and C are important for compliance but are secondary steps that follow the establishment of foundational security measures. Option D, while useful, does not address the immediate need for securing data access and protection.