As part of annual audit requirements, the security team performed a review of exceptions to the company policy
that allows specific users the ability to use USB storage devices on their laptops. The review yielded the
following results:
The exception process and policy have been correctly followed by the majority of users.
A small number of users did not create tickets for the requests but were granted access.
All access had been approved by supervisors.
Valid requests for the access sporadically occurred across multiple departments.
Access, in most cases, had not been removed when it was no longer needed.
Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded
access is removed in a reasonable time frame?
A. Create an automated, monthly attestation process that removes access if an employee's supervisor denies
the approval.
B. Remove access for all employees and only allow new access to be granted if the employee's supervisor
approves the request.
C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with
the management team.
D. Implement a ticketing system that tracks each request and generates reports listing which employees
actively use USB storage devices.
that allows specific users the ability to use USB storage devices on their laptops. The review yielded the
following results:
The exception process and policy have been correctly followed by the majority of users.
A small number of users did not create tickets for the requests but were granted access.
All access had been approved by supervisors.
Valid requests for the access sporadically occurred across multiple departments.
Access, in most cases, had not been removed when it was no longer needed.
Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded
access is removed in a reasonable time frame?
A. Create an automated, monthly attestation process that removes access if an employee's supervisor denies
the approval.
B. Remove access for all employees and only allow new access to be granted if the employee's supervisor
approves the request.
C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with
the management team.
D. Implement a ticketing system that tracks each request and generates reports listing which employees
actively use USB storage devices.