CompTIA Security+ (SY0-701) — Question 371

A new security regulation was announced that will take effect in the coming year. A company must comply with it to remain in business. Which of the following activities should the company perform next?

Answer options

• A. Gap analysis
• B. Policy review
• C. Security procedure evaluation
• D. Threat scope reduction

Correct answer: A

Explanation

Conducting a gap analysis is essential to identify the differences between current security measures and the new regulation requirements, which is the first step in compliance. The other options, such as policy review and security procedure evaluation, are important but should follow after understanding the gaps in compliance. Threat scope reduction is not directly related to identifying compliance needs.