CompTIA Security+ (SY0-501) — Question 660

An organization has created a review process to determine how to best handle data with different sensitivity levels. The process includes the following requirements:
✑ Soft copy PII must be encrypted.
✑ Hard copy PII must be placed in a locked container.
✑ Soft copy PHI must be encrypted and audited monthly.
✑ Hard copy PHI must be placed in a locked container and inventoried monthly.
Locked containers must be approved and designated for document storage. Any violations must be reported to the Chief Security Officer (CSO).
While searching for coffee in the kitchen, an employee unlocks a cabinet and discovers a list of customer names and phone numbers. Which of the following actions should the employee take?

Answer options

• A. Put the document back in the cabinet, lock the cabinet, and report the incident to the CSO
• B. Take custody of the document, secure it at a desk, and report the incident to the CSO
• C. Take custody of the document and immediately report the incident to the CSO
• D. Put the document back in the cabinet, inventory the contents, lock the cabinet, and report the incident to the CSO

Correct answer: A

Explanation

The correct action is to return the document to the cabinet, lock it, and report the incident to the CSO, as this complies with the established protocol for handling sensitive data. Taking custody of the document (options B and C) could lead to unauthorized access or mishandling, while inventorying the contents (option D) is not necessary in this situation and does not align with the immediate reporting requirement.