Sara, a company’s security officer, often receives reports of unauthorized personnel having access codes
to the cipher locks of secure areas in the building. Sara should immediately implement which of the
following?

A.
Acceptable Use Policy

B.
Physical security controls

C.
Technical controls

D.
Security awareness training

Explanation:
Security awareness and training include explaining policies, procedures, and current threats to both users
and management. A security awareness and training program can do much to assist in your efforts to
improve and maintain security. A good security awareness training program for the entire organization
should cover the following areas: Importance of security; Responsibilities of people in the organization;
Policies and procedures; Usage policies; Account and password-selection criteria as well as Social
engineering prevention.
Incorrect Answers:
A: Companies generally have acceptable use policies regarding how computers can be used within the
organization.
B: Physical security controls refers to actual physical barriers such as an external entrance to a building
(perimeter), locked doors and entrance to the secure/computer room itself. In this scenario the
unauthorized personnel already have access codes to the cipher locks of secure areas.
C: Technical Controls are usually implements using technology such as firewalls, IDS, IPS, etc.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 399-404, 420