CompTIA CASP+ (CAS-003) — Question 104

A company has created a policy to allow employees to use their personally owned devices. The Chief Information Security Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices.
Which of the following security controls would BEST reduce the risk of exposure?

Answer options

• A. Disk encryption on the local drive
• B. Group policy to enforce failed login lockout
• C. Multifactor authentication
• D. Implementation of email digital signatures

Correct answer: A

Explanation

Disk encryption on the local drive protects sensitive data by making it unreadable without proper authentication, thereby significantly reducing the risk of exposure if a device is lost or stolen. While multifactor authentication and failed login lockout policies enhance access security, they do not directly protect data on the device itself. Email digital signatures ensure message integrity but do not address the risk of data being accessed on personal devices.