nerdexam
CompTIA

SY0-301 · Question #327

Ann, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Ann should immediately implement which of t

The correct answer is D. Security awareness training. Unauthorized personnel possessing access codes indicates a human behavior problem, making security awareness training the most appropriate immediate remediation.

Security operations

Question

Ann, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Ann should immediately implement which of the following?

Options

  • AAcceptable Use Policy
  • BPhysical security controls
  • CTechnical controls
  • DSecurity awareness training

How the community answered

(30 responses)
  • A
    10% (3)
  • B
    3% (1)
  • C
    7% (2)
  • D
    80% (24)

Why each option

Unauthorized personnel possessing access codes indicates a human behavior problem, making security awareness training the most appropriate immediate remediation.

AAcceptable Use Policy

An Acceptable Use Policy defines permissible use of IT resources and does not directly address the behavioral issue of employees sharing physical cipher lock codes.

BPhysical security controls

Installing new physical security controls such as replacement locks does not resolve the underlying behavior of employees sharing existing access codes with unauthorized individuals.

CTechnical controls

Technical controls operate on systems and software and cannot prevent employees from verbally disclosing physical cipher lock combinations to others.

DSecurity awareness trainingCorrect

The root cause of access codes being known by unauthorized personnel is that employees are either unaware of or disregarding security policies for protecting physical access credentials. Security awareness training directly addresses this by educating staff on the importance of keeping codes confidential, recognizing social engineering, and understanding consequences of policy violations. This targets the human-factor vulnerability that no technical or physical control can fully substitute for.

Concept tested: Security awareness training for physical access control

Source: https://csrc.nist.gov/publications/detail/sp/800-50/final

Topics

#security awareness training#physical access control#cipher locks#insider threat

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice