CompTIA PenTest+ (PT0-001) — Question 167

A company's corporate policies state that employees are able to scan any global network as long as it is done within working hours. Government laws prohibit unauthorized scanning. Which of the following should an employee abide by?

Answer options

• A. Company policies must be followed in this situation.
• B. Laws supersede corporate policies.
• C. Industry standards regarding scanning should be followed.
• D. The employee must obtain written approval from the company's Chief Information Security Officer (CISO) prior to scanning.

Correct answer: D

Explanation

The correct answer is D because, despite company policies allowing scanning, obtaining written approval from the CISO ensures compliance with both corporate and legal standards. Option A is incorrect as it overlooks the legal implications. Option B is also wrong since it doesn't consider the specific company protocol that requires CISO approval. Option C is irrelevant in this context as industry standards do not override company policies or legal requirements.