Audits and Compliance
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing CompTIA Network+ premium course — no separate purchase.
Included in this chapter:
- Data locality, residency, and sovereignty
- PCI DSS and why segmentation shrinks the audit
- GDPR: the law that follows the person
- Audit logging, attestation, and the evidence loop
- Exam-pattern recognition
The three compliance drivers Network+ tests
| Aspect | Data locality / sovereignty | PCI DSS | GDPR |
|---|---|---|---|
| What it protects | Any data a law ties to a jurisdiction | Cardholder (payment card) data | Personal data of people in the EU |
| Source of authority | National / regional law | Card-brand contractual standard | EU regulation (law) |
| Core network control | Region and replication placement | Segment and firewall the CDE | Encryption, access control, logging |
| Scope trigger | Where the data physically resides | Touching or connected to card data | Targeting people who are in the EU |
| Signature requirement | Keep data inside the border | Reduce CDE scope via segmentation | 72-hour breach notification |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- CompTIA Security+ certification (data protection, audits and assessments, compliance)
- PCI SSC Glossary — Cardholder Data Environment (CDE) and Segmentation Whitepaper
- GDPR Article 3 — Territorial scope Whitepaper
- GDPR Article 4 — Definitions (data subject, controller, processor) Whitepaper
- GDPR Article 33 — Notification of a personal data breach to the supervisory authority Whitepaper
- GDPR Article 17 — Right to erasure (right to be forgotten) Whitepaper
- GDPR Article 83 — General conditions for imposing administrative fines Whitepaper