An organization has established the following controls matrix:

The following control sets have been defined by the organization and are applied in aggregate fashion: -> Systems containing PII are protected with the minimum control set.

-> Systems containing medical data are protected at the moderate level.

-> Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentially of a database containing PII and medical data from clients.

Based on the controls classification, which of the following controls would BEST meet these requirements?

Question

An organization has established the following controls matrix:

Minimum Moderate High
Physical Security Cylinder Lock Cipher Lock Proximity Access
Card
Environmental Surge Protector UPS Generator
Security
Data Security Context Based MFA FDE
Authentication
Application Security | Peer Review Static Analysis Penetration Testing
Logical Security HIDS NDS NPS

The following control sets have been defined by the organization and are applied in aggregate fashion: -> Systems containing PII are protected with the minimum control set.

-> Systems containing medical data are protected at the moderate level.

-> Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentially of a database containing PII and medical data from clients.

Based on the controls classification, which of the following controls would BEST meet these requirements?

Exam-Answer · Accepted Answer

Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server.

Question 85 of 270 from exam CAS-003: CompTIA CASP+

Question

Answers

Explanations