SY0-301 · Question #327
Ann, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Ann should immediately implement which of t
The correct answer is D. Security awareness training. Unauthorized personnel possessing access codes indicates a human behavior problem, making security awareness training the most appropriate immediate remediation.
Question
Ann, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Ann should immediately implement which of the following?
Options
- AAcceptable Use Policy
- BPhysical security controls
- CTechnical controls
- DSecurity awareness training
How the community answered
(30 responses)- A10% (3)
- B3% (1)
- C7% (2)
- D80% (24)
Why each option
Unauthorized personnel possessing access codes indicates a human behavior problem, making security awareness training the most appropriate immediate remediation.
An Acceptable Use Policy defines permissible use of IT resources and does not directly address the behavioral issue of employees sharing physical cipher lock codes.
Installing new physical security controls such as replacement locks does not resolve the underlying behavior of employees sharing existing access codes with unauthorized individuals.
Technical controls operate on systems and software and cannot prevent employees from verbally disclosing physical cipher lock combinations to others.
The root cause of access codes being known by unauthorized personnel is that employees are either unaware of or disregarding security policies for protecting physical access credentials. Security awareness training directly addresses this by educating staff on the importance of keeping codes confidential, recognizing social engineering, and understanding consequences of policy violations. This targets the human-factor vulnerability that no technical or physical control can fully substitute for.
Concept tested: Security awareness training for physical access control
Source: https://csrc.nist.gov/publications/detail/sp/800-50/final
Topics
Community Discussion
No community discussion yet for this question.