Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing
unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot
change their permissions. Which of the following would BEST alleviate her concerns?

A network administrator, Joe, arrives at his new job to find that none of the users have changed their network
passwords since they were initially hired. Joe wants to have everyone change their passwords immediately.
Which of the following policies should be enforced to initiate a password change?

Ann is a member of the Sales group. She needs to collaborate with Joe, a member of the IT group, to edit a file.
Currently, the file has the following permissions:
Ann:read/write
Sales Group:read
IT Group:no access
If a discretionary access control list is in place for the files owned by Ann, which of the following would be the
BEST way to share the file with Joe?

Ann was reviewing her company’s event logs and observed several instances of GUEST accessing the
company print server, file server, and archive database. As she continued to investigate, Ann noticed that it
seemed to happen at random intervals throughout the day, but mostly after the weekly automated patching and
often logging in at the same time. Which of the following would BEST mitigate this issue?

Ann is the data owner of financial records for a company. She has requested that she have the ability to assign
read and write privileges to her folders. The network administrator is tasked with setting up the initial access
control system and handing Ann’s administrative capabilities. Which of the following systems should be
deployed?

Which of the following is the BEST reason for placing a password lock on a mobile device?

A security administrator must implement a system that will support and enforce the following file system access
control model:
FILE NAMESECURITY LABEL
Employees.docConfidential
Salary.xlsConfidential
OfficePhones.xlsUnclassified
PersonalPhones.xlsRestrictedWhich of the following should the security administrator implement?

An organizations’ security policy requires that users change passwords every 30 days. After a security audit, it
was determined that users were recycling previously used passwords. Which of the following password
enforcement policies would have mitigated this issue?

A recent review of accounts on various systems has found that after employees’ passwords are required tochange they are recycling the same password as before. Which of the following policies should be enforced to
prevent this from happening? (Choose two.)

A security administrator has deployed all laptops with Self Encrypting Drives (SED) and enforces key
encryption. Which of the following represents the greatest threat to maintaining data confidentiality with these
devices?