PrepAway - Latest Free Exam Questions & Answers

Which of the following is not a factor he needs to consider when choosing the products?

Harrison is evaluating access control products for his company. Which of the following is not a factor he needs to consider when choosing the products?

PrepAway - Latest Free Exam Questions & Answers

A.
Classification level of data

B.
Level of training that employees have received

C.
Logical access controls provided by products

D.
Legal and regulation issues

Explanation:
B: When a company needs to decide upon the type of access control products they need, they should understand the company’s legal requirements, the sensitivity of the data on
their systems that need to be protected, and the types of technical controls used by the access control system. However, an access control system choice should not be based on the
previous training the staff has received. Employees will need to be trained after the access control system’s rollout, but training is the least important issue listed in this question.
A is incorrect because it is important for a company to consider the classification level of data when choosing an access control product. Different security mechanisms can supply
different degrees of availability, integrity, and confidentiality. The environment, the classification of data that is to be protected, and the security goals must be evaluated to ensure the
proper security mechanisms are bought and put into place. Many corporations have wasted a lot of time and money not following these steps but instead buying the new “gee whiz”
product that recently hit the market.
C is incorrect because the company should consider the logical access controls that are necessary for its identification, authentication, authorization, and accountability
requirements. Logical access controls are software components that enforce access control measures for systems, programs, processes, and information. The logical access controls
can be embedded within operating systems, applications, add-on security packages, or database and telecommunication management systems.
D is incorrect because legal and regulation issues should be considered when choosing and setting up an access control product. The company must ensure that due care is being
taken to control access to data that may be sensitive and is protected under different laws and regulations. Such measures may protect the company from fines and other penalties
should they experience a data breach.


Leave a Reply