Which of the following security controls should the auditor check for and recommend to be implemented if missing from the laptops?

A security auditor is conducting an audit of a corporation where 95% of the users travel or work
from non-corporate locations a majority of the time. While the employees are away from the
corporate offices, they retain full access to the corporate network and use of corporate laptops.
The auditor knows that the corporation processes PII and other sensitive data with applications
requiring local caches of any data being manipulated. Which of the following security controls
should the auditor check for and recommend to be implemented if missing from the laptops?

A security auditor is conducting an audit of a corporation where 95% of the users travel or work
from non-corporate locations a majority of the time. While the employees are away from the
corporate offices, they retain full access to the corporate network and use of corporate laptops.
The auditor knows that the corporation processes PII and other sensitive data with applications
requiring local caches of any data being manipulated. Which of the following security controls
should the auditor check for and recommend to be implemented if missing from the laptops?

A.
Trusted operating systems

B.
Full disk encryption

C.
Host-based firewalls

D.
Command shell restrictions



Leave a Reply 0

Your email address will not be published. Required fields are marked *