CompTIA Core 2 Objective 4.6 - Operational Procedures - Policy Concepts

Policy Concepts

1 / 12

During an incident response, why is it important to document every action taken?

To provide a detailed report for insurance claims.

To ensure that the incident can be recreated later.

To maintain a record for auditing and future reference.

To keep employees informed about the progress.

2 / 12

Your company needs to retain certain types of data for a specified period. What is a best practice for managing this data?

Store all data indefinitely.

Delete data as soon as it is no longer needed for immediate use.

Implement a data retention policy that complies with legal and regulatory requirements.

Store data in an unstructured format.

3 / 12

You are auditing the software licenses for your company and find several installations of software with expired licenses. What should be your course of action?

Renew or purchase new licenses for the software.

Ignore the expired licenses.

Uninstall the software immediately.

Continue using the software without renewal.

4 / 12

Your team is considering using an open-source software for a new project. What should you verify about the open-source license before proceeding?

The software is free to download.

The license terms allow for commercial use and modifications.

The software has good reviews.

The software has a user-friendly interface.

5 / 12

You discover that a company laptop containing sensitive information has been stolen. What is the first step in maintaining the chain of custody for the incident?

Wipe the laptop remotely.

Document the last known location of the laptop and who last had possession.

Notify all employees about the theft.

Purchase a new laptop immediately.

6 / 12

After discovering a breach in the company’s network, what should you do immediately after securing the system to prevent further unauthorized access?

Notify management and law enforcement.

Delete all logs to remove traces of the breach.

Change all employee passwords.

Inform the employees to reset their passwords.

7 / 12

Your company collects and stores PII. What measures should be taken to ensure compliance with data protection regulations?

Allow open access to PII for all employees.

Implement access controls and encryption for PII.

Share PII freely with third-party vendors.

Store PII in a public cloud without security measures.

8 / 12

A critical server has been compromised by malware. What is the best practice to ensure data integrity and preservation before beginning the cleanup process?

Reboot the server to remove the malware.

Delete the infected files.

Copy the drive to create an image for investigation.

Format the server and reinstall the operating system.

9 / 12

Your company processes credit card transactions. What security measure must you implement to protect this regulated data?

Encrypt all credit card data during transmission and storage.

Store credit card numbers in plain text.

Share credit card data with third-party vendors without encryption.

Allow employees to write down credit card numbers for record-keeping.

10 / 12

You are installing new software for your company. Why is it important to review and comply with the End-User License Agreement (EULA)?

To understand the software’s compatibility with your system.

To ensure compliance with the terms and conditions of software use.

To find out the software’s file size.

To get a discount on future purchases.

11 / 12

Your company uses software that includes DRM. What is the purpose of DRM in this context?

To make the software run faster.

To protect the software from unauthorized use and piracy.

To increase the software’s features.

To make the software compatible with all devices.

12 / 12

Your company handles healthcare data. Which regulation should you comply with to ensure the protection of this data?

PCI-DSS.

HIPAA.

GDPR.

SOX.

Your score is

Exit

CompTIA Core 2 Objective 4.6 – Operational Procedures – Policy Concepts