An organization wants to ensure the privacy of the data that is on its systems. Full disk encryption and DLP are already in use. Which of the following is the BEST option?
A.
Require all remote employees to sign an NDA.
B.
Enforce geofencing to limit data accessibility.
C.
Require users to change their passwords more frequently.
Why do so many of these questions have such conflicting answers? I am more confused now than ever before since I started studying for CYSA 5 months ago. Maybe I shouldn't even bother.
B. Enforce geofencing to limit data accessibility.
Reasoning:
Geofencing allows the organization to define geographical boundaries where data can be accessed, adding an extra layer of control.
It complements existing security measures by restricting access based on the physical location of the user or device.
This measure is particularly effective for remote employees or devices accessing sensitive data.
It's crazy to me that people are saying NDA and AUP when those are DETERRENTS, they do not actually prevent anything. Geofencing is the correct answer.
D. Update the AUP (Acceptable Use Policy) to restrict data sharing.
Modifying the AUP to clearly define and restrict data sharing practices, coupled with ongoing user training and awareness programs, helps in establishing organizational norms and expectations regarding data privacy. It can regulate how data should be handled, shared, and processed by the employees, providing a policy framework that supports the technical measures (like DLP and encryption) in place.
ChatGPT: B. Enforce geofencing to limit data accessibility.
Explanation: Geofencing is a technology that uses GPS or RFID to create a virtual geographic boundary. By implementing geofencing, an organization can restrict access to sensitive data based on the physical location of the user or device. This additional layer of security complements full disk encryption and DLP (Data Loss Prevention) measures. It helps ensure that data can only be accessed from specific geographical locations, adding an extra dimension to data protection.
While full disk encryption and DLP (Data Loss Prevention) are already in use, they provide protection against data loss or leakage. However, updating the AUP adds an additional layer of policy-based control specifically targeting data sharing, thus enhancing the organization's data privacy measures
the BEST option to ensure the privacy of data on an organization's systems that already have full disk encryption and DLP in use is to update the Acceptable Use Policy (AUP) to restrict data sharing.
DLP and Encryption are sound technical controls that ensure data protection (which would include the Privacy). As mentioned below they are looking for a Managerial control, which would point to "Company Policy" - AUP: This would cover the organisation with sharing of information due to the consequences that will be imposed (even legal).
Answer should be D in my opinion
B. Enforce geofencing to limit data accessibility would be the BEST option to ensure the privacy of the data that is on the organization's systems. Geofencing technology can help restrict access to sensitive data from outside certain geographic locations, which can help prevent unauthorized access to the data. This is a strong control that can help prevent both accidental and intentional unauthorized access to sensitive data, and it is often used in combination with other security measures like full disk encryption and DLP. While NDAs, password policies, and AUPs can help protect data privacy in certain circumstances, they are not as effective at preventing unauthorized access as geofencing.
B. geofencing can restrict access to data based on the geographic location of the user or device, helping to prevent unauthorized access or data leakage. It is the best option to complement the existing security measures and ensure data privacy.
This question is making it pretty clear that they are after managerial controls, since technicals are in place and seems to be working fine. A is clearly the correct answer.
Privacy of data is a concern of who is accessing it. NDA's are more of a legal protection against the data itself being exposed by people who already have access.
Geofencing would further help limit who can access it.
I think it's D. Exam guide book, privacy is about the control the user has over who their data is shared with.
A is weird because only references remote workers. B could help, but you already have DLP, and doesn't relate as much to privacy as D, I feel.
B is the only one that will actually ensure that people can't do it. Signing an NDA for example is simply them saying they won't disclose information, it doesn't actually seal their lips
This section is not available anymore. Please use the main Exam Page.CS0-002 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Henry88
Highly Voted 2 years, 4 months agokill_chain
2 years agoRobV
Most Recent 1 year, 6 months agodickchappy
1 year, 7 months agoAbdallaAM
1 year, 8 months agokumax
1 year, 9 months ago5H4K1R
1 year, 7 months agoBig_Dre
1 year, 10 months agokyky
2 years agokyky
2 years agonedeajob12
2 years, 2 months agoAl75diablo
2 years, 3 months agotatianna
2 years, 3 months ago2Fish
2 years, 3 months ago2Fish
2 years, 3 months agoJoInn
2 years, 4 months agojleonard_ddc
2 years, 4 months agotalosDevbot
2 years, 4 months agoabsabs
2 years, 4 months ago10cccordrazine
2 years, 4 months agoAaronS1990
2 years, 4 months ago