Mark works as a Security Officer for TechMart Inc. The company has a Windows-based network. He
has bees assigned a project for ensuring the safety of the customer’s money and information, not to
mention the company’s reputation. The company has gone through a security audit to ensure that it
is in compliance with industry regulations and standards. Mark understands the request and has to
do his due diligence for providing any information the regulators require as they are targeting
potential security holes. In this situation, his major concern is the physical security of his company’s
system. He has a concern that people are authenticated to the servers in the data center. Which of
the following actions will Mark take to prevent normal users from logging onto the systems?

A.
Call a team member while behaving to be someone else for gaining access to sensitive
information.

B.
Use group policies to disable the use of floppy drives or USB drives.

C.
Provide protection against a Distributed Denial of Services attack.

D.
Develop a social awareness of security threats within an organization.

Explanation:
To prevent normal users from logging onto the systems, it is required to create a group policy that
can be applied to the servers to Deny Log on Locally for all non-administrative users. It will create a
problem for the people who are in the data center with physical access. However, normal users
should not have the ability to log on locally.

Answer C While stressing the Con?dentiality, Integrity, and Availability triangle in the training of
users, the process of providing availability is related to security training to ensure the protection
against a Distributed Denial of Services attack.