nerdexam
CompTIA

SY0-301 · Question #70

Sara, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of

The correct answer is D. Security awareness training. The root cause of unauthorized personnel having cipher lock codes is a human behavior problem - authorized employees are sharing or improperly handling access codes. Security awareness training directly addresses this by educating staff on why they must not share access codes, th

Security program management and oversight

Question

Sara, a company's security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following?

Options

  • AAcceptable Use Policy
  • BPhysical security controls
  • CTechnical controls
  • DSecurity awareness training

How the community answered

(24 responses)
  • A
    4% (1)
  • B
    13% (3)
  • C
    8% (2)
  • D
    75% (18)

Explanation

The root cause of unauthorized personnel having cipher lock codes is a human behavior problem - authorized employees are sharing or improperly handling access codes. Security awareness training directly addresses this by educating staff on why they must not share access codes, the risks of doing so, and proper procedures for protecting physical access credentials. An Acceptable Use Policy (AUP) governs acceptable technology use, not physical access code sharing. Physical security controls (such as replacing cipher locks with card readers) could help long-term but do not immediately address the ongoing human behavior of code sharing. Technical controls could enforce access logging but would not stop the behavior of sharing codes. Training is the most immediate and targeted solution to a people/behavior problem.

Topics

#security awareness training#physical security#access control#insider threat

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice