Free CompTIA Security+ SY0-701 Practice Question

Compliance to regulatory requirements is the correct answer because it refers to the organization’s duty to follow laws and regulations relevant to its business processes and data handling practices. Failure to comply can result in legal penalties, fines, and reputational damage. 'Access control standards' are part of internal security measures and not external regulations. 'Change management procedures' are related to internal operations to ensure smooth transitions in IT systems and are not directly connected to legal requirements. 'Disaster recovery policies' are internally developed to prepare for and respond to catastrophic events and do not define an organization's requirement to adhere to external legal standards. 'Password guidelines' are internal controls designed to enhance security but do not represent the adherence to external laws.