CompTIA Security Plus Mock Test Q486

Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network. Which of the following choices BEST mitigates the range of risks associated with the continued use of removable storage devices?

A. Remote wiping enabled for all removable storage devices
B. Full-disk encryption enabled for all removable storage devices
C. A well defined acceptable use policy
D. A policy which details controls on removable storage use

Correct Answer: D
Section: Compliance and Operational Security

Explanation:
Removable storage is both a benefit and a risk and since not all mobile devices support removable storage, the company has to has a comprehensive policy which details the controls of the use of removable s to mitigate the range of risks that are associated with the use of these devices.

Incorrect Answers:
A: Remote wiping is the act of deleting data/all data and maybe even configuration settings from a device remotely, but it is not a guarantee of data security.
B: Full-disk encryption is used mainly to provide protection for an operating system and this is only best effective when the system is fully powered off. This is not going to mitigate the risks posed in this case.
C: Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware. This is not mitigating risk.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 236, 251-252
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 24
http://en.wikipedia.org/wiki/Acceptable_use_policy