CertByte: CompTIA® Security+
By Chris Hare, N2K Project Management Specialist and Content Developer
Nov 20, 2024

CertByte is a bi-weekly blog and segment on the CyberWire Daily podcast hosted by Chris Hare, a content developer and project management specialist at N2K. On CertByte, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. View our CertByte series on YouTube.

CertByte: CompTIA® Security+

On this edition of CertByte, we discuss a question from N2K’s CompTIA® Security+ practice test. 

As your news-to-knowledge partner, N2K will advance your career while bringing you the industry news and trends that help you stay a step ahead. Through our bi-weekly episodes of CertByte on the CyberWire Daily podcast, and these companion articles, we aim to support your certification journey and fast-track your career growth in IT, cybersecurity, and project management. As your host, I or my guest will share a practice question from N2K’s suite of industry-leading content and a study tip (or study “bit” as I like to call it) to increase your confidence and readiness on exam day.   

In this segment, my teammate Dan Neville and I will break down a question from N2K's CompTIA Security+ Practice Test. The CompTIA Security+ exam is targeted at candidates who already hold a Network+ cert, and have at least two years of experience working in a security or systems admin role. As always, the question Dan posed to me is a sample from N2K's CompTIA Security+ Practice Test*, and not from the actual CompTIA exam. 

Quick CompTIA Security+ study bit.

Dan shared an important study bit that you should know before you sit for the Security+ exam: Get a copy of the published exam objectives. If there’s a term or concept in the objectives that you do not understand, use your study materials to read up on that term and keep studying until you can explain it to a five-year-old. 

This week’s question.

Which role and associated responsibility involves managing and overseeing the use of systems and data, ensuring compliance with security policies and regulations?

Answer choices: 

  1. Owners
  2. Custodians and stewards
  3. Processors
  4. Controllers

Working through the logic of each answer choice.

Before I assessed each answer option, I reminded Dan of my limited technical acumen. Then, I examined the context of this question, which targets program management and oversight and elements of effective security governance. Based on this context, I decided to approach this question from a project management bent, specifically in terms of a RACI (which stands for responsible, accountable, consulted, and informed). I proceeded with this strategy not knowing the answer. 

The first choice, "owners," sounded more like a role of accountability rather than management. The next answer option, “custodians and stewards,” sounded more hands-on and responsible, so this could be a possible answer. I decided to put a pin in that one and come back to it. The next option," processors," sounded likely, but not for something as overarching as overseeing systems and data and compliance (though it could be an informed role). The last option, "controllers," felt more like a legal or compliance role, which may be more of the consulted part of a RACI. Using this line of thinking, I decided to go with "B. Custodians and stewards." 

After complimenting my logical way of working through the answers, Dan said my answer was correct. Custodians and stewards are individuals (or entities) who are responsible for the day-to-day management and protection of systems and data assets. They ensure the proper handling, storage, and security of data in accordance with policies and procedures. Custodians are typically responsible for implementing security controls, monitoring access, and responding to security incidents, while stewards focus on data governance, quality assurance, and metadata management.

As a quick summary and easy differentiation:

  • Owners have ultimate accountability for the governance and strategic direction of systems and data.
  • Controllers ensure compliance with legal and regulatory requirements related to data processing.
  • Processors handle personal data on behalf of data controllers and implement security measures to protect data, but do not oversee the implementation of those measures.
  • Custodians and stewards are responsible for the day-to-day management and protection of systems and data assets, implementing security controls, and ensuring data integrity and quality.

I then asked Dan about CompTIA’s assertion that the Security+ exam is the most widely adopted ISO/ANSI-accredited early career cybersecurity certification on the market. I wanted his professional opinion on which exam he considers to be the most difficult of the top three CompTIA certs: Network+, Security+, and A+ -- and why? Dan shared that he believes Security+ is the hardest, as A+ is very broad and wide (a lot of material but not depth), and Network+ builds on the foundation of A+. Security+ requires you to know elements of both the A+ and Network+ exams in addition to knowing security requirements. Therefore, Security+ is the most challenging of the three.

In other product news, Dan shared that the next CompTIA updates include Cloud+ (released in September 2024), Tech+ (formerly known as IT Fundamentals+, anticipated release by the end of 2024), PenTest+ (releasing December 2024), SecurityX (releasing December 2024), and Data+ (releasing February 2025). SecurityX is a brand-new exam and an expert-level certification that replaces CASP+. All of these updated exams will be available in practice test form on our site by the end of this year or in early 2025. In the meantime, N2K offers all of the current versions of these exams

Want more help with this exam?

Whether you are actively studying for the Security+ exam or would like to suggest a future certification question, email us at certbyte at n2k.com.

Premium certification prep tools.

CompTIA Security+ (SY0-701) | Practice Test - N2K

If you're studying for an IT, cybersecurity, or project management certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news-to-knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Explore key terms from the Security+ certification.

Visit N2K CyberWire’s glossary to dive deeper into these key terms, listed in the order discussed in our segment: CompTIA®, system, data, compliance, security policy, security regulation, owner, custodian, steward, processor, controller, program management, RACI, security controls, data governance, quality assurance, metadata management, data processing, data controllers, data assets, data integrity, data quality, ISO, ANSI.

Happy certifying!


*For sources and citations for this practice question, please check out our show notes.