Exam 220-1102 topic 1 question 122 discussion

The correct answer is A. acceptable use policy. Acceptable use policies are designed to protect the security and privacy of user accounts and data, and it is a violation of these policies for a technician to log in to a user’s account without the user’s explicit permission. Regulatory compliance requirements are not related to this issue, as they generally refer to specific laws and regulations that a company must follow, such as those related to data privacy and security. Non-disclosure agreements typically refer to contracts that are signed between two or more parties, and may not apply in this situation. Incident response procedures generally refer to steps that a company takes in response to a security incident, such as a data breach, and do not apply here.

I'm leaning towards B. My reasoning is that the question states "critical email". We don't necessarily know what type of information could be in that email. It can range from PII, Health Care information esc. Since those fall within the category of Common compliance requirements which are EU GDPR (General Data Protection Regulation) GLBA (Gramm-Leach-Bliley Act) HIPAA (Health Insurance Portability and Accountability Act) PIPEDA (Personal Information Protection and Electronic Documents Act) CCPA (California Consumer Privacy Act). These are all Regulatory Compliance Requirements. Even though the user gave the technician permission to log on, this isn't something the technician should do. Which falls under the "least privilege access rule". This isn't something the technician is required to do his/her job so the technician should not be engaging and that's why the technician refused.

Policy Enforcement: An Acceptable Use Policy is a clearly defined internal policy that explicitly dictates how accounts, credentials, and access rights are managed. It commonly covers the scenario described: technicians should never log into another user's account, regardless of the user's permission, because it undermines individual accountability. Explicitness of the scenario: The situation described ("technician receives credentials from the user and refuses to log in") directly aligns with a classic acceptable-use violation scenario. Most organizations have explicit AUP terms covering credential-sharing, prohibiting precisely this action, which aligns perfectly with option A.

The correct answer is A. acceptable use policy. Acceptable use policies are designed to protect the security and privacy of user accounts and data, and it is a violation of these policies for a technician to log in to a user’s account without the user’s explicit permission. Regulatory compliance requirements are not related to this issue, as they generally refer to specific laws and regulations that a company must follow, such as those related to data privacy and security. Non-disclosure agreements typically refer to contracts that are signed between two or more parties, and may not apply in this situation. Incident response procedures generally refer to steps that a company takes in response to a security incident, such as a data breach, and do not apply here.

This is definitely regulatory compliance since there could be data contained on the users account and email which the technician is not supposed to have access to. Acceptable use policies typically give guidelines for what users are allowed to do with their devices. For instance, it might mention the user performing some illicit activity on their work laptop like crypto mining. This isn't a question about someone misusing a device.

A is the answer

(AUP) Acceptable use policy is the answer.

The Answer is A, Acceptibale use policy (AUP). Regulatory compliance involves following external legal mandates set forth by state, federal, or international government.

B is the answer

B should be the Answer

Thats a compliance issue. Complying to HIPAA, GDPR etc... Not an acceptable Usage issue