Basics of IT and Governance for CompTIA Project+
This page covers the Basics of IT and Governance domain of the CompTIA Project+ certification. Master Cybersecurity offers 80 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.
Sample Practice Questions
Question 1
Which of the following BEST describes how an organization should coordinate management of multiple related projects?
- A. Apply the SDLC process.
- B. Establish a program.
- C. Consult the CCB.
- D. Use different frameworks.
Explanation
The correct answer is: B. Establish a program.
A program is a coordinated grouping of related projects managed together to achieve benefits not available from managing them individually, which is exactly the structure required to align several interdependent projects toward a common objective. Applying the SDLC defines how a single software project moves through phases and does not address inter-project coordination. Consulting the Change Control Board governs changes within an in-flight project rather than orchestration across projects. Using different frameworks would actually fragment rather than unify the work and runs counter to the question's goal. Because the situation calls for unified oversight of multiple linked projects, establishing a program is the correct organizational response.
Question 2
Which of the following should occur when implementing an IT infrastructure change that takes risks into consideration?
- A. Approving the change request
- B. Developing a rollback plan
- C. Gathering necessary resources
- D. Defining requirements
Explanation
The correct answer is: B. Developing a rollback plan.
Whenever an IT infrastructure change is planned with an honest view of risk, a rollback plan is essential because it guarantees there is a documented, tested path back to the previous stable state if the change misbehaves. Approving the change request is a procedural step that confirms the change is authorized; it does not address what happens when something goes wrong. Gathering necessary resources is logistics and does not, on its own, account for risk. Defining requirements happens far earlier in the project and is not the risk-mitigation activity tied to the change itself. Because the question asks specifically what should occur when risk is considered, developing the rollback plan is the correct answer.
Question 3
A project manager is in the closing phase of an IT asset refresh project that involves the disposal of several computers. The project sponsor notified the project manager that the company recently received a penalty as a result of disposing of some computers improperly. Which of the following should have been considered during initial planning to prevent this situation?
- A. ESG
- B. PHI
- C. PII
- D. ROIL
Explanation
The correct answer is: A. ESG.
Environmental, Social, and Governance (ESG) considerations cover responsible disposal of equipment, regulated handling of electronic waste, and the broader environmental footprint of project activities. An IT asset refresh that includes computer disposal must follow e-waste regulations and certified recycling practices, which is precisely the ESG dimension the sponsor's penalty is signaling was missed. Protected Health Information is a category of personal health data and is unrelated to hardware disposal. Personally Identifiable Information refers to data that can identify an individual and again does not address how physical equipment is destroyed or recycled. ROIL is not a standard project-management or compliance term in this context. The improper-disposal penalty pinpoints an environmental and governance lapse, which is exactly what ESG planning is designed to prevent.
Question 4
A project manager sent equipment to a global project team for testing purposes. Only 70% of the project team received the equipment for testing. Which of the following considerations is impacting the rest of the team?
- A. Quality assurance
- B. Organizational branding restrictions
- C. State privacy acts
- D. Country legal regulations
Explanation
The correct answer is: D. Country legal regulations.
When a global team only partially receives shipped equipment, the most likely culprit is country-specific legal regulations governing imports, exports, and the movement of restricted goods across borders. Customs rules, dual-use technology controls, encryption export limits, and tariff regimes vary widely by jurisdiction and routinely block or delay otherwise routine project shipments. Quality assurance addresses whether the equipment meets specification and is unrelated to whether it crossed a border. Organizational branding restrictions might govern how a logo appears on a product but have no bearing on cross-border delivery. State privacy acts regulate the handling of personal information rather than the movement of physical goods. Because the issue is geographic delivery failure, country legal regulations is the correct factor to consider.
Question 5
Someone claiming to be from a tax agency sent an email to a team member asking for access to the project repository. Which of the following BEST describes this scenario?
- A. Social engineering
- B. Phishing
- C. Spoofing
- D. Hacking
Explanation
The correct answer is: A. Social engineering.
Social engineering is the umbrella discipline of manipulating people into performing actions or divulging information they otherwise would not, and an unsolicited request from someone claiming authority — in this case a fake tax-agency representative seeking repository access — squarely fits that pattern. Phishing is one specific channel within social engineering, typically using deceptive email or messaging; it is a valid label but narrower than the full category the scenario invokes. Spoofing means falsifying identifying information, such as a forged sender address, and is a technique that may be used within a social-engineering attempt rather than the attempt itself. Hacking is a broad informal term for unauthorized system access and does not describe a deception aimed at a person. Because the situation centers on deceiving a team member into granting access, the social-engineering category is the most accurate description.