CompTIA Security+ Question L-30

A large bank has moved back office operations offshore to another country with lower wage costs in an attempt to improve profit and productivity. Which of the following would be a customer concern if the offshore staff had direct access to their data?

A. Service level agreements
B. Interoperability agreements
C. Privacy considerations
D. Data ownership

Answer: C

Explanation:
Businesses such as banks have legally mandated privacy requirements and with moving operations offshore there is decentralized control with has implications for privacy of data.

CompTIA Security+ Question J-17

The IT department noticed that there was a significant decrease in network performance during the afternoon hours. The IT department performed analysis of the network and discovered this was due to users accessing and downloading music and video streaming from social sites. The IT department notified corporate of their findings and a memo was sent to all employees addressing the misuse of company resources and requesting adherence to company policy. Which of the following policies is being enforced?

A. Acceptable use policy
B. Telecommuting policy
C. Data ownership policy
D. Non disclosure policy

Answer: A

Explanation:
Acceptable use policy describes how employees are allowed to use company systems and resources, and the consequences of misuse.

CompTIA Security+ Question J-16

Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC services wants to send some of Acme Corp’s debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party?

A. The data should be encrypted prior to transport
B. This would not constitute unauthorized data sharing
C. This may violate data ownership and non-disclosure agreements
D. Acme Corp should send the data to ABC Services’ vendor instead

Answer: C

Explanation:
With sending your data to a third party is already a risk since the third party may have a different policy than yours. Data ownership and non-disclosure is already a risk that you will have to accept since the data will be sent for debugging /troubleshooting purposes which will result in definite disclosure of the data.

CompTIA Security+ Question H-42

Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Select THREE).

A. Authentication
B. Data leakage
C. Compliance
D. Malware
E. Non-repudiation
F. Network loading

Answer: B,C,D

Explanation:
In a joint enterprise, data may be combined from both organizations. It must be determined, in advance, who is responsible for that data and how the data backups will be managed. Data leakage, compliance and Malware issues are all issues concerning data ownership and backup which are both impacted on by corporate IM.

CompTIA Security+ Question G-71

Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in order to leverage mobile technology without providing every user with a company owned device. She is concerned that users may not understand the company’s rules, and she wants to limit potential legal concerns. Which of the following is the CTO concerned with?

A. Data ownership
B. Device access control
C. Support ownership
D. Acceptable use

Answer: A

Explanation:
Issues of limiting potential legal concerns regarding company rules where users are allowed to bring their own devices is the premise of data ownership. When a third party (in this case the user’s own device) is involves in a data exchange when clear rules and restrictions should be applied regarding data ownership.