Exam CISSP topic 1 question 45 discussion

They are no longer with the organization. So, ignore them.

Why D? Policy is confidential and no question to responding to ex-employees. I would ignore.

"a copy of the organization's CONFIDENTIAL incident management policy"

sounds like a question of ethics and professionalism. agree with option D

What if asked in person or over the phone, question doesn't specify how he asked, bad question.

C just sounds like a remission to me.

Ideally, answer should be "Reply that this document is confidential and that he has no more access privilege to it". Since that is not possible, let's consider. A and B are out (you do not 'declassify' confidential documents informally) C is... unprofessional and as pointed out leaves possibility open for other colleagues to answer with A or B and compromize the document. With D, you are certain that - If he has legitimate reason to access it, then it will be authorized and traced - If he has none, then it will be properly denied (and traced again) C is D

D. Submit the request using company official channels to ensure the policy is okay to distribute. Explanation: Option D is the most appropriate response because it ensures that proper procedures are followed for distributing sensitive organizational policies, especially after the colleague has left the organization. By submitting the request through official channels, such as contacting the appropriate personnel in the organization's administration or legal department, it allows for proper review and authorization before sharing the policy.

Options A and B may compromise the confidentiality of the policy by potentially exposing it to unauthorized individuals or distribution channels. Option C is not a proactive or professional approach to handling the request and could lead to misunderstandings or potential legal issues. Therefore, option D is the most appropriate and responsible course of action in this situation.

At a minimum, that data is classified as Sensitive. Which means that it is for internal user only.

These answers are all bad but D makes the most sense because you should always report these kinds of requests to someone.

As the colleague is no longer part of the organization, they no longer have a legitimate need to access the confidential incident management policy. Ignoring the request and not acknowledging receipt helps maintain the confidentiality and security of the policy.

Answer is C, always think like a manager as you know these are confidential and are red line. For D, you would look bad since your employees expect you to know what can be shared and what is not. If this wasn't a CISSP exam question, D might be on the table for a normal employee.

it's confidential

Not acknowledging receiving the request from the former colleague and ignoring them may be rude or unprofessional, and may also raise suspicion or resentment from the former colleague

C. Keyword is confidential.

D is the BEST answer. "Do not acknowledge receiving the request" equals to lie. As a CISSP professional, you should achieve to the Code of Ethics Canons - "#2 Act honorably, honestly, justly, responsibly, and legally"