CompTIA Security Plus Mock Test Q333

XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night. The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement?

A. Social media policy
B. Data retention policy
C. CCTV policy
D. Clean desk policy


Correct Answer: D
Section: Compliance and Operational Security

Explanation:
Clean Desk Policy Information on a desk — in terms of printouts, pads of note paper, sticky notes, and the like — can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk.

Incorrect Answers:
A: Social media policy will refer to data made available over the network and not paper files which represent hard copies.
B: Data retention policies refer to the period that data should be kept.
C: CCTV refers to an aspect of video surveillance and not paper files.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 369