As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results: · The exception process and policy have been correctly followed by the majority of users. · A small number of users did not create tickets for the requests but were granted access. · All access had been approved by supervisors. · Valid requests for the access sporadically occurred across multiple departments. · Access, in most cases, had not been removed when it was no longer needed. Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

Questions › Category: SY0-601 › As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results: · The exception process and policy have been correctly followed by the majority of users. · A small number of users did not create tickets for the requests but were granted access. · All access had been approved by supervisors. · Valid requests for the access sporadically occurred across multiple departments. · Access, in most cases, had not been removed when it was no longer needed. Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

0 Vote Up Vote Down

Admin Staff asked 12 months ago

As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results:
· The exception process and policy have been correctly followed by the majority of users. · A small number of users did not create tickets for the requests but were granted access.
· All access had been approved by supervisors.
· Valid requests for the access sporadically occurred across multiple departments.
· Access, in most cases, had not been removed when it was no longer needed.
Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

A. Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval.

B. Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request.

C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team.

D. Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices.





 

Correct Answer: C

This question is in SY0-601 exam
For getting CompTIA Security+ certificate

A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?

Cisco IOS Popular Commands

Recommended

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Fortinet NSE 4 – FortiOS 7.2 certificate

Welcome Back!

Create New Account!

Retrieve your password

A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?

Cisco IOS Popular Commands

Related Questions

Recommended

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Fortinet NSE 4 – FortiOS 7.2 certificate

Welcome Back!

Create New Account!

Retrieve your password