CompTIA Security+ (SY0-501) — Question 549

An external auditor visits the human resources department and performs a physical security assessment. The auditor observed documents on printers that are unclaimed. A closer look at these documents reveals employee names, addresses, ages, and types of medical and dental coverage options each employee has selected.
Which of the following is the MOST appropriate actions to take?

Answer options

• A. Flip the documents face down so no one knows these documents are PII sensitive
• B. Shred the documents and let the owner print the new set
• C. Retrieve the documents, label them with a PII cover sheet, and return them to the printer
• D. Report to the human resources manager that their personnel are violating a privacy policy

Correct answer: D

Explanation

The correct answer is D because reporting the violation is essential for addressing the failure to protect personally identifiable information (PII). Options A, B, and C do not effectively resolve the issue or ensure that sensitive information is adequately protected from unauthorized access.