CompTIA Security+ Question E-26

A company is starting to allow employees to use their own personal devices without centralized management. Employees must contact IT to have their devices configured to use corporate email; access is also available to the corporate cloud-based services. Which of the following is the BEST policy to implement under these circumstances?

A. Acceptable use policy
B. Security policy
C. Group policy
D. Business Agreement policy

Answer: A

CompTIA Security+ Question E-23

Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network. Which of the following choices BEST mitigates the range of risks associated with the continued use of removable storage devices?

A. Remote wiping enabled for all removable storage devices
B. Full-disk encryption enabled for all removable storage devices
C. A well defined acceptable use policy
D. A policy which details controls on removable storage use

Answer: D

Explanation:
Removable storage is both a benefit and a risk. Since the departments still need to move data this way, the company has to have a comprehensive policy that details the controls on the use of removable storage (for example, which devices are permitted, encryption requirements, and malware scanning before use) in order to mitigate the range of risks associated with these devices.

CompTIA Security+ Question D-84

Which of the following technical controls helps to prevent Smartphones from connecting to a corporate network?

A. Application white listing
B. Remote wiping
C. Acceptable use policy
D. Mobile device management

Answer: D

Explanation:
Mobile device management (MDM) allows an organization to manage the mobile devices that employees use to access company resources. MDM is intended to improve security, provide monitoring, enable remote management, and support troubleshooting. It can be used to push or remove applications, manage data, and enforce configuration settings on these devices, including denying network access to devices that are not enrolled or not compliant.

CompTIA Security+ Question D-13

Which of the following should Peter, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?

A. Privacy Policy
B. Least Privilege
C. Acceptable Use
D. Mandatory Vacations

Answer: D

Explanation:
When one person fills in for another, such as for mandatory vacations, it provides an opportunity to see what the person is doing and potentially uncover any fraud.

CompTIA Security+ Question D-4

Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device?

A. Authentication
B. Blacklisting
C. Whitelisting
D. Acceptable use policy

Answer: C

Explanation:
Whitelists are closely related to ACLs: essentially, a whitelist is a list of the items that are allowed, and anything not on the list is denied by default. A blacklist only blocks the items it names, so an application that is unknown or newly created is still permitted.
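As an added example (not part of the original page), the following Python script shows the default-deny behaviour that separates a whitelist from a blacklist. The package names and certificate bytes are constructed for illustration; the allow list keys each permitted package to the SHA-256 fingerprint of its signing certificate, so a repackaged app with the same name but a different signer is still refused.

```python
"""Application whitelist vs. blacklist enforcement (added example).

All package names and certificate bytes below are constructed; they do not
correspond to real applications.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class App:
    package: str        # e.g. Android package name
    signer_cert: bytes  # DER bytes of the signing certificate (constructed)


def signer_fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a signing certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()


# Whitelist: package name -> expected signer fingerprint. Nothing else runs.
ALLOW_LIST = {
    "com.example.mail": signer_fingerprint(b"corp-mail-signing-cert"),
    "com.example.vpn": signer_fingerprint(b"corp-vpn-signing-cert"),
}

# Blacklist, for contrast: only packages already known to be bad are blocked.
DENY_LIST = {"com.example.malware"}


def allowed_by_whitelist(app: App) -> bool:
    """Default deny: the package must be listed AND signed by the listed key."""
    expected = ALLOW_LIST.get(app.package)
    if expected is None:
        return False
    return hmac.compare_digest(expected, signer_fingerprint(app.signer_cert))


def allowed_by_blacklist(app: App) -> bool:
    """Default allow: anything not explicitly named is permitted."""
    return app.package not in DENY_LIST


def evaluate(app: App) -> dict:
    """Return the decision each control would make for one app."""
    return {
        "whitelist": allowed_by_whitelist(app),
        "blacklist": allowed_by_blacklist(app),
    }


if __name__ == "__main__":
    # Constructed sample apps covering the interesting cases.
    samples = [
        App("com.example.mail", b"corp-mail-signing-cert"),   # legitimate
        App("com.example.mail", b"attacker-signing-cert"),    # repackaged
        App("com.example.game", b"some-vendor-cert"),         # unknown
        App("com.example.malware", b"attacker-signing-cert"), # known bad
    ]
    for app in samples:
        print(f"{app.package:24} {evaluate(app)}")
```

The second and third samples are the point: a blacklist lets through both the repackaged copy of an approved app and an application it has never heard of, while the whitelist refuses anything that is not both named and correctly signed.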

CompTIA Security+ Question B-72

Ann, a technician, received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following types of training would prevent Ann and other employees from becoming victims of such attacks?

A. User Awareness
B. Acceptable Use Policy
C. Personal Identifiable Information
D. Information Sharing

Answer: C

Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Employees should be made aware of this type of attack by means of training.

CompTIA Security+ Question B-13

A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Peter, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Peter indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices?

A. Privacy Policy
B. Security Policy
C. Consent to Monitoring Policy
D. Acceptable Use Policy

Answer: D

Explanation:
Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.

CompTIA Security+ Question B-1

One of the findings of a risk assessment is that many of the servers on the data center subnet contain data that is in scope for PCI compliance. Everyone in the company has access to these servers, regardless of their job function. Which of the following should the administrator do?

A. Segment the network
B. Use 802.1X
C. Deploy a proxy server
D. Configure ACLs
E. Write an acceptable use policy

Answer: A

CompTIA Security+ Question A-59

Emily, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Emily should immediately implement which of the following?

A. Acceptable Use Policy
B. Physical security controls
C. Technical controls
D. Security awareness training

Answer: D

Explanation:
Security awareness and training include explaining policies, procedures, and current threats to both users and management. A security awareness and training program can do much to assist in your efforts to improve and maintain security. A good security awareness training program for the entire organization should cover the following areas: Importance of security; Responsibilities of people in the organization; Policies and procedures; Usage policies; Account and password-selection criteria as well as Social engineering prevention.

CompTIA Network+ Question C-58

Before logging into the company network, users are required to sign a document that is to be stored in their personnel file. This standards and policies document is usually called which of the following?

A. SOP
B. BEP
C. AUP
D. SLA

Correct Answer: C

Explanation:
AUP stands for Acceptable Use Policy. An Acceptable Use Policy defines what a user can or cannot do with his or her computer during business hours. For example, using the company's Internet connection to look at the scores on a sports website may be deemed inappropriate or unacceptable during business hours. Other examples include the use of social media websites such as Facebook, or using instant messaging clients to chat with friends.