CompTIA CASP+ (CAS-003) — Question 128

After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee's laptop and cell phone were confiscated and accounts were disabled promptly. Forensic investigation suggests the company's
DLP was effective, and the content in question was not sent outside of work or transferred to removable media. Personality owned devices are not permitted to access company systems or information.
Which of the following would be the MOST efficient control to prevent this from occurring in the future?

Answer options

• A. Install application whitelist on mobile devices.
• B. Disallow side loading of applications on mobile devices.
• C. Restrict access to company systems to expected times of day and geographic locations.
• D. Prevent backup of mobile devices to personally owned computers.
• E. Perform unannounced insider threat testing on high-risk employees.

Correct answer: C

Explanation

The correct answer, C, is effective because restricting access to company systems based on specific times and locations can significantly reduce the risk of unauthorized access after termination. Options A and B focus on application control but do not directly address access rights post-termination. Option D is relevant to data security but does not prevent access during employment. Option E, while useful for identifying threats, does not prevent the issue at the time of termination.