CAS-002 Question #172: Real Exam Question with Answer & Explanation

The correct answer is A: Password Policy. For a small 20-person business with employee and client data but no remote server access, a Password Policy and Data Classification Policy are the most foundational and broadly applicable controls to implement first.

Question

A security consultant is called into a small advertising business to recommend which security policies and procedures would be most helpful to the business. The business is comprised of 20 employees, operating off of two shared servers. One server houses employee data and the other houses client data. All machines are on the same local network. Often these employees must work remotely from client sites, but do not access either of the servers remotely. Assuming no security policies or procedures are in place right now, which of the following would be the MOST applicable for implementation? (Select TWO).

Options

  • A. Password Policy
  • B. Data Classification Policy
  • C. Wireless Access Procedure
  • D. VPN Policy
  • E. Database Administrative Procedure

Explanation

For a small 20-person business with employee and client data but no remote server access, a Password Policy and Data Classification Policy are the most foundational and broadly applicable controls to implement first.

Common mistakes.

  • C. A Wireless Access Procedure is not applicable because the scenario makes no mention of wireless infrastructure in this small office environment.
  • D. A VPN Policy is unnecessary because the scenario explicitly states that employees do not access either server remotely when working from client sites.
  • E. A Database Administrative Procedure is too operationally complex and granular for a 20-person company and is not among the most critical foundational policies needed.

Concept tested. Foundational security policy prioritization for small businesses.

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-12r1.pdf
