CompTIA Security+ Question I-90

In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group-based access control be classified?

A. Security control frameworks
B. Best practice
C. Access control methodologies
D. Compliance activity

Answer: B

Explanation:
Best practices are based on what is known in the industry and those methods that have consistently shown superior results over those achieved by other means. Furthermore, best practices are applied to all aspects of the work environment.

CompTIA Security+ Question I-69

Peter, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO).

A. Acceptable use policy
B. Risk acceptance policy
C. Privacy policy
D. Email policy
E. Security policy

Answer: A,C

Explanation:
Privacy policies define what controls are required to implement and maintain the sanctity of data privacy in the work environment. A privacy policy is a legal document that outlines how collected data is secured. It should cover the information the company collects, the privacy choices you have based on your account, potential sharing of your data with other parties, the security measures in place, and enforcement. Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.

CompTIA Security+ Question H-89

Which of the following can be performed when an element of the company policy cannot be enforced by technical means?

A. Develop a set of standards
B. Separation of duties
C. Develop a privacy policy
D. User training

Answer: D

Explanation:
User training is an important aspect of maintaining safety and security. It helps improve users’ security awareness in terms of prevention, enforcement, and threats. It is of critical importance when an element of the company policy cannot be enforced by technical means.

CompTIA Security+ Question F-31

Peter, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Peter insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company’s information systems?

A. Acceptable Use Policy
B. Privacy Policy
C. Security Policy
D. Human Resource Policy

Answer: A

Explanation:
Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.

CompTIA Security+ Question E-32

Which of the following should Peter, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company?

A. Privacy Policy
B. Least Privilege
C. Acceptable Use
D. Mandatory Vacations

Answer: D

Explanation:
A mandatory vacation policy requires all users to take time away from work to refresh. Besides giving the employee a chance to refresh, mandatory vacation gives the company a chance to make sure that others can fill in any gaps in skills, satisfies the need to have replication or duplication at all levels, and provides an opportunity to discover fraud.

CompTIA Security+ Question D-13

Which of the following should Peter, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?

A. Privacy Policy
B. Least Privilege
C. Acceptable Use
D. Mandatory Vacations

Answer: D

Explanation:
When one person fills in for another, such as for mandatory vacations, it provides an opportunity to see what the person is doing and potentially uncover any fraud.

CompTIA Security+ Question B-13

A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Peter, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Peter indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices?

A. Privacy Policy
B. Security Policy
C. Consent to Monitoring Policy
D. Acceptable Use Policy

Answer: D

Explanation:
Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.