
SY0-501 Question #533: Real Exam Question with Answer & Explanation

The correct answer is D: Report to the human resources manager that their personnel are violating a privacy policy. An external auditor found unattended documents containing sensitive PII on printers in the human resources department, indicating a clear violation of data privacy policies.

Submitted by jordan8 · Mar 4, 2026

Question

An external auditor visits the human resources department and performs a physical security assessment. The auditor observed documents on printers that are unclaimed. A closer look at these documents reveals employee names, addresses, ages, and types of medical and dental coverage options each employee has selected. Which of the following is the MOST appropriate action to take?

Options

  • A. Flip the documents face down so no one knows these documents are PII sensitive
  • B. Shred the documents and let the owner print the new set
  • C. Retrieve the documents, label them with a PII cover sheet, and return them to the printer
  • D. Report to the human resources manager that their personnel are violating a privacy policy

Explanation

An external auditor found unattended documents containing sensitive PII on printers in the human resources department, indicating a clear violation of data privacy policies.

Common mistakes.

  • A. Flipping documents face down only conceals the immediate exposure without resolving the underlying policy violation or preventing future occurrences of sensitive PII being left unattended.
  • B. Shredding the documents removes the immediate risk but does not address the fundamental issue of HR personnel violating privacy policies by leaving sensitive PII unattended on printers.
  • C. Retrieving and labeling the documents, then returning them to an unattended printer, still poses a risk of PII exposure and does not resolve the systemic non-compliance with data privacy policies.

Concept tested. Data privacy policy enforcement and incident reporting

Reference. https://learn.microsoft.com/en-us/compliance/regulatory/gdpr-data-privacy
