CompTIA Security Plus Mock Test Q312

Sara, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following?

A. Acceptable Use Policy
B. Physical security controls
C. Technical controls
D. Security awareness training

Correct Answer: D
Section: Compliance and Operational Security

Explanation:
Security awareness and training include explaining policies, procedures, and current threats to both users and management. A security awareness and training program can do much to assist in your efforts to improve and maintain security. A good security awareness training program for the entire organization should cover the following areas: importance of security; responsibilities of people in the organization; policies and procedures; usage policies; account and password-selection criteria; and social engineering prevention.

Incorrect Answers:
A: Companies generally have acceptable use policies regarding how computers can be used within the organization.
B: Physical security controls refer to actual physical barriers such as an external entrance to a building (perimeter), locked doors and the entrance to the secure/computer room itself. In this scenario the unauthorized personnel already have access codes to the cipher locks of secure areas.
C: Technical controls are usually implemented using technology such as firewalls, IDS, IPS, etc.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 399-404, 420