Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Having a hardtime to understand how "Security Policies" could be the BEST way to protect an organization's data assets.
If we don't have technical controls in place - users tend to just do wheterver. Imagine having a policy that says change your password every 90 days. How many people will do that? But if GPO expires their password.... they will change it right way.
SOLID B .... it's more like changing the culture . Even if you use encryption at rest or in transit they can write the data down on a a sticky note , share their screen with third parties , use their cellphone and take snaps of their work computer with confidential data displayed , get hooked on a social engineering scam etc . It all boils down to the the people at the end of the day and their respect for the policy either through pure logic or out of fear of disciplinary actions (enforcement) .
I think the key word is ENFORCE adherence to security policies, as policies include not only encryption requirements but other things to protect data, acceptable use for instance.
encrypting the data at rest and in transit is great for those who are unauthorized. However, the question is not that specific, reading that it applies to all types of users (authorized and not). When accounting for this interpretation of the question, B makes more sense. Additionally, B doesn't JUST list having or monitoring a policy, it is specific to also say enforce which implies technical controls.
Answer A) you can implement all the security policies you want, but something will happen sooner or later. If you encrypt everything first, then it provides the BEST protection against theft/loss.
A, because you always pick the answer with humanless involvement when comes to security because human is not trustable. You learn this from Kelly Handerhan!
The best way to protect an organization's data assets is not a single method, but a combination of multiple methods that address different aspects and layers of data security. However, among the four options given, the most comprehensive and effective one is A. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.
Option B. Monitor and enforce adherence to security policies is a good practice for ensuring compliance and awareness of data security standards and regulations, but it does not directly protect data from attacks or breaches.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Want to SAVE BIG on Certification Exam Prep?
godchild
Highly Voted 1 year, 10 months agowins34
4 months, 2 weeks agojackdryan
1 year, 2 months agofranbarpro
1 year, 10 months agoN00b1e
1 year, 10 months agoDButtare
1 year, 9 months agoAriel235788
8 months, 3 weeks agoRamye
1 month, 1 week agoFredDurst
1 year, 8 months agoDButtare
Highly Voted 1 year, 9 months agof270069
Most Recent 5 days, 5 hours ago50e940e
1 week, 1 day agoCCNPWILL
1 month agoHardrvkllr
2 months, 4 weeks agoCCNPWILL
3 months agoVasyamba1
3 months, 3 weeks agoKyanka
4 months agoAz900500
4 months, 1 week agowins34
4 months, 2 weeks agoJBAnalyst
6 months agoGPrep
6 months agoilan0000
6 months agoYesPlease
7 months agoYesPlease
6 months, 1 week agoaape1
9 months, 1 week agoLaw88
9 months, 2 weeks ago