An organization has established the following controls matrix:
The following control sets have been defined by the organization and are applied in aggregate fashion:
✑ Systems containing PII are protected with the minimum control set.
✑ Systems containing medical data are protected at the moderate level.
✑ Systems containing cardholder data are protected at the high level.
The organization is preparing to deploy a system that protects the confidentially of a database containing PII and medical data from clients. Based on the controls classification, which of the following controls would BEST meet these requirements?
A. Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server.
B. Cipher lock on the server room door, FDE, surge protector, and static analysis of all application code.
C. Peer review of all application changes, static analysis of application code, UPS, and penetration testing of the complete system.
D. Intrusion detection capabilities, network-based IPS, generator, and context-based authentication.
Suggested Answer: A
Community Answer: A
This question is in CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam
For getting CompTIA Advanced Security Practitioner (CASP+) Certificate
Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA.
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.
