220-1102 Question #443: Real Exam Question with Answer & Explanation

Question

A company recently outsourced its night-shift cleaning service. A technician is concerned about having unsupervised contractors in the building. Which of the following security measures can be used to prevent the computers from being accessed? (Choose two.)

Options

• AImplementing data-at-rest encryption
• BDisabling AutoRun
• CRestricting user permissions
• DRestricting log-in times
• EEnabling a screen lock
• FDisabling local administrator accounts

Explanation

To prevent unsupervised contractors from accessing computers, restricting log-in times and enabling a screen lock are effective security measures. These directly control when and how users can interact with the systems.

Common mistakes.

• A. Implementing data-at-rest encryption protects data if the drive is physically removed or stolen, but it does not prevent access to a powered-on, unlocked computer.
• B. Disabling AutoRun prevents automatic execution of media, which is good security practice but not a primary control for preventing direct computer access by an individual.
• C. Restricting user permissions limits what a logged-in user can do, but it does not prevent them from logging in or initially accessing the system during unauthorized hours.
• F. Disabling local administrator accounts limits the privileges of local accounts, but it does not prevent standard users from logging in or stop physical access to an unlocked machine.

Concept tested. Physical and logical access controls

Reference. https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/screen-lock-options

No community discussion yet for this question.