CompTIA
PT0-001 Question #217: Real Exam Question with Answer & Explanation
The correct answer is B: Ensure corporate policies include guidance on the proper handling of sensitive information. A penetration test report with critical findings was improperly discarded; the best protection is a corporate policy that governs the proper handling and disposal of sensitive information.
Engagement management
Question
During a physical security review, a detailed penetration testing report was obtained, which was issued to a security analyst and then discarded in the trash. The report contains validated critical risk exposures. Which of the following processes would BEST protect this information from being disclosed in the future?
Options
- A. Restrict access to physical copies to authorized personnel only.
- B. Ensure corporate policies include guidance on the proper handling of sensitive information.
- C. Require only electronic copies of all documents to be maintained.
- D. Install surveillance cameras near all garbage disposal areas.
Explanation
A penetration test report with critical findings was improperly discarded; the best protection is a corporate policy that governs the proper handling and disposal of sensitive information.
Common mistakes.
- A. Restricting access to authorized personnel controls who receives the document but does not govern what those authorized individuals do with it after use, leaving improper disposal still unaddressed.
- C. Requiring only electronic copies shifts the storage medium but does not prevent mishandling; digital documents can be equally mismanaged or left accessible.
- D. Surveillance cameras near disposal areas are a detective control that identifies incidents after they occur rather than preventing improper disposal in the first place.
Concept tested. Sensitive document handling and disposal policy
Reference. https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final
Topics
#physical security #document handling #sensitive information #policy