nerdexam
CompTIA

SY0-301 · Question #724

A security analyst has been informed that the development team has plans to develop an application which does not meet the company's password policy. Which of the following should be done NEXT?

The correct answer is B. Tell the application development manager to code the application to adhere to the company's. The correct next step is to tell the application development manager to code the application to adhere to the company's password policy. Security analysts are responsible for enforcing existing security policies. The proper response to a policy violation in progress is to require

Security program management and oversight

Question

A security analyst has been informed that the development team has plans to develop an application which does not meet the company's password policy. Which of the following should be done NEXT?

Options

  • AContact the Chief Information Officer and ask them to change the company password policy so that
  • BTell the application development manager to code the application to adhere to the company's
  • CAsk the application development manager to submit a risk acceptance memo so that the issue can
  • DInform the Chief Information Officer of non-adherence to the security policy so that the developers

How the community answered

(62 responses)
  • A
    3% (2)
  • B
    74% (46)
  • C
    16% (10)
  • D
    6% (4)

Explanation

The correct next step is to tell the application development manager to code the application to adhere to the company's password policy. Security analysts are responsible for enforcing existing security policies. The proper response to a policy violation in progress is to require compliance-not to escalate to the CIO prematurely, not to weaken the existing policy, and not to simply accept the risk without first attempting remediation. A risk acceptance memo would only be appropriate if compliance were technically infeasible after exploring all options.

Topics

#password policy#security policy compliance#application development#risk acceptance

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice