Sara, a company’s security officer, often receives reports of unauthorized personnel having
access codes to the cipher locks of secure areas in the building. Sara should immediately
implement which of the following?
A.
Acceptable Use Policy
B.
Physical security controls
C.
Technical controls
D.
Security awareness training
Surely B. If you are aware that your security measures have been compromised, you need to first deal with that. Then you can address the cause of the breach. Incident before problem.
I wanna say that since Sara is already a security officer, there is already a Physical security control.
Dumb question either way.
if we just keep assuming this or that is in place already then any answer could be right. My opinion is that since Sara receives reports of unauthorized personnel having
access codes to the cipher locks of secure areas in the building, it should be obvious that people are trained to look out for this or on the awareness and maybe now Physical security controls should be added immediately and then more Security awareness training.
although i guess they might not be trained to stop the re-occurrence and therefore need more Security awareness training.
My opinion is this is a crappy question. If the cypher lock are compromised, I would post some type of guard, or change the combos. What good is training going to do?
The thing is, she is getting reports… You can go change the locks all day and it will still happen again. You have to put out training on it first then implement physical security. Think Security+ not common sense logic.