CompTIA CAS-001 · Question #125

CAS-001 Question #125: Real Exam Question with Answer & Explanation

The correct answers are A (Password Policy) and B (Data Classification Policy). With no security policies in place, these two foundational controls cover the broadest risk surface: one governs how every employee authenticates to the two shared servers, the other defines how the two distinct data sets the business holds must be handled.

Question

A security consultant is called into a small advertising business to recommend which security policies and procedures would be most helpful to the business. The business is comprised of 20 employees, operating off of two shared servers. One server houses employee data and the other houses client data. All machines are on the same local network. Often these employees must work remotely from client sites, but do not access either of the servers remotely. Assuming no security policies or procedures are in place right now, which of the following would be the MOST applicable for implementation? (Select TWO).

Options

  • A. Password Policy
  • B. Data Classification Policy
  • C. Wireless Access Procedure
  • D. VPN Policy
  • E. Database Administrative Procedure

Explanation

With no security policies in place at all, the two foundational controls are a Password Policy and a Data Classification Policy. A Password Policy (A) is the most universally applicable baseline control: it governs how all 20 employees authenticate to both shared servers and guards against weak, shared or reused credentials, which matters all the more because every machine sits on one flat local network. A Data Classification Policy (B) is critical because the company holds two distinct data types (employee data and client data) on separate servers; classifying the data defines handling rules, access levels and protection requirements for each, and it drives later decisions such as what client data, if any, may be carried to client sites. The other options are either irrelevant or lower priority: employees do not access the servers remotely, so a VPN Policy (D) would govern a connection that does not exist. A Wireless Access Procedure (C) is not raised as a concern in the scenario. A Database Administrative Procedure (E) is too narrow and presupposes a database-centric environment that is not described. The two foundational policies address the broadest risk surface.
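The Password Policy the explanation recommends is only useful if the two servers actually enforce it. The following is an added example, not code from the original page or from the exam, of the kind of check a server-side account provisioning script would run when an employee sets or rotates a password: minimum length, character-class mix, a deny list of common passwords, no username in the password, and no reuse of recent passwords (compared against salted PBKDF2 hashes, so the history never stores plaintext). The thresholds, the deny list, the function names and the sample passwords are all assumptions chosen for illustration.

```python
import hashlib
import secrets
from typing import List, Optional, Tuple

# Assumed policy parameters (a real policy would state these explicitly).
MIN_LENGTH = 12
MIN_CHARACTER_CLASSES = 3   # of: lowercase, uppercase, digit, other
HISTORY_DEPTH = 5           # number of previous passwords that may not be reused
PBKDF2_ITERATIONS = 200_000

# Constructed deny list; a deployment would load a large breached-password corpus instead.
COMMON_PASSWORDS = {
    "password", "password1", "welcome1", "letmein", "qwerty123", "advertising2024",
}


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a password using salted PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def matches_hash(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of a candidate against a stored (salt, digest) pair."""
    return secrets.compare_digest(hash_password(password, salt)[1], digest)


def character_classes(password: str) -> int:
    """Count how many of the four character classes appear in the password."""
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_other = any(not c.isalnum() for c in password)
    return sum([has_lower, has_upper, has_digit, has_other])


def check_password(candidate: str, username: str,
                   history: List[Tuple[bytes, bytes]]) -> List[str]:
    """Return the list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password deny list")
    if username and username.lower() in candidate.lower():
        problems.append("contains the username")
    if character_classes(candidate) < MIN_CHARACTER_CLASSES:
        problems.append(f"uses fewer than {MIN_CHARACTER_CLASSES} character classes")
    # Only the most recent HISTORY_DEPTH entries count as "recent" for the reuse rule.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if matches_hash(candidate, salt, digest):
            problems.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
            break
    return problems


def rotate_password(candidate: str, username: str,
                    history: List[Tuple[bytes, bytes]]) -> List[Tuple[bytes, bytes]]:
    """Apply the policy; on success append the new hash to the history and return it."""
    problems = check_password(candidate, username, history)
    if problems:
        raise ValueError("password rejected: " + "; ".join(problems))
    history.append(hash_password(candidate))
    return history


if __name__ == "__main__":
    # Constructed walk-through for one employee account.
    hist: List[Tuple[bytes, bytes]] = []
    print(check_password("password1", "alice", hist))
    hist = rotate_password("Correct-Horse-Battery-9", "alice", hist)
    print(check_password("Correct-Horse-Battery-9", "alice", hist))
```

The history list holds only salts and digests, so even an administrator reading the password store learns nothing about old passwords; the reuse check re-derives each hash with the stored salt, which is why `HISTORY_DEPTH` is kept small enough that a rotation stays fast.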
