A call center handles inquiries into billing issues for multiple medical facilities. A security analyst notices that call center agents often walk away from their workstations, leaving patient data visible for anyone to see. Which of the following should a network administrator do to BEST prevent data theft within the call center?
The best way to prevent data theft within the call center where agents often leave their workstations unattended is to lock the workstations after five minutes of inactivity. This method ensures that unauthorized individuals cannot access sensitive patient data when the agents are away from their workstations. While other options like encrypting the hard drives, installing privacy screens, or logging off users when their workstations are not in use can provide some level of protection, they do not specifically address the problem of unattended workstations as effectively and conveniently as automatically locking the screen after a short period of inactivity.
How could D not be the BEST way to prevent data theft here?
Well, it doesn't define what "in-use" means in the answer. If the technician is logged in, technically the workstation is in-use. So, if they walked away after logging in the computer is still in use and displaying information. The only answer here that actually provides a solution in the text is a 5-minute lockout timer. Because D is worded so poorly, I would always choose B here.
because D states= log off the users when their workstations are not in use. (meaning someone else have to log off from their workstation when its not in use and not the user itself). And If admin or supervisor is in the room when the user leaves they might logg off different user.
Because option D goes way further than necessary. Locking the device is enough, what if the technician stepped away for a couple of minutes? Having to login every time you step away is pretty cumbersome.
Locking the workstations after five minutes of inactivity still leaves a 5 minute window for data theft. I'll go with D.
LOL I thought the same, but who is locking these computers? The technician? Best chance at mitigation is answer B.
The answer is B because the issue isn't about people being able to SEE the data from far away. The users are leaving their stations unattended for long periods of time, frequently. Only a lockout screen after 5 minutes of inactivity will solve that.
Why cant it be C? Having a privacy screen eliminates all the shoulder surfing attacks.
Agreed, I believe this is the issue this question is adressing
I think it's privacy screens since the question seems to emphasize being able to see the screens while they are away. But locking out after 5 minutes still leaves 5 minutes of downtime where anyone can see their screens walking by.
privacy screens only help, that you can read only if you look perpendicular to the screen. So everybody can read, if he moves a little bit
I think the answer is B because the issue is with users leaving the PC unnatended. A privacy screen will not help this but a lockout screen will.
It's a poorly worded answer because D almost sounds like the administrator would have to personally log off the users if they noticed unattended systems but I still think it's the correct answer due to the information below. Log off when not in use—A lunchtime attack is where a threat actor is able to access a computer that has been left unlocked. Policies can configure screensavers that lock the desktop after a period of inactivity. Users should not depend on these, however. In Windows, START+L locks the desktop. Users must develop the habit of doing this each time they leave a computer unattended.
B anD should be on one sentence haha weird choices
ChatGPT says: The BEST option to prevent data theft within the call center is to lock the workstations after five minutes of inactivity. This ensures that unauthorized individuals cannot access the patient data when the agents are away from their workstations. Encrypting the workstation hard drives and installing privacy screens can also provide some level of protection, but they do not address the issue of agents leaving their workstations unattended. Logging off users when their workstations are not in use may also provide some level of protection, but it can be inconvenient for the agents to have to log in every time they return to their workstation. Therefore, locking the workstations after a period of inactivity is the most effective and practical solution to prevent data theft.
I just Char GPT'd this and got this: Log off the users when their workstations are not in use. why? Logging off the users when their workstations are not in use is the best way to prevent data theft in the call center. Encrypting the workstation hard drives, locking the workstations after five minutes of inactivity, and installing privacy screens will not prevent data theft.
The best solution here is to lockout the screen after 5 minutes of inactivity.
Read the question... Privacy screens prevent shoulder surfing.
Privacy Screens help prevent shoulder surfing. Locking the work station after inactivity is the correct answer
Privacy screens block visibility of anyone not looking directly at the screen. Locking the workstations only works after 5 minutes. It is definitely C.
What is the difference between this and the Police Officer question? It has the same cintext?
Answer is B. It says call centre agentS, does the security analyst really want to log off all the agents' account manually when each of them leave?
why i have to walk to user device and lock his computer ? what about if there are many of htem there ? so i will go for B :(