Just when I think I’ve gotten the hang of answering practice CISSP questions, a few come along that make me want to quit information security altogether. Ha, not really, I live for this!
Especially since everything I find out, I can share with you!
Here is a question that relates to the Access Control domain:
By law, organizations have to notify employees when their internet and other activities are monitored within the workplace. What is the best method to notify external users that their actions are being monitored?
A. Device or application logon banner
B. Written agreement upon employment with organization
C. Wall poster as required by Federal law
D. Security awareness training
For employees, a written agreement is required by law for the organization to monitor them. The first part of the question was misleading as it talked about employees. However, the question asked the best method for notifying “external” users, those who are not within the organization. They don’t have employment agreements, won’t see wall posters, and aren’t trained by the organization, so the answer is A, logon banners.
Thanks for reading!