Bit of a stupid question on the CISM Q&A Database

CyberCop123CyberCop123 Senior MemberPosts: 328Member ■■■■□□□□□□
What's your views on this question... what do you think the best answer is?  Answer in the next post....

Which of the following will BEST prevent an employee from using a USB drive to copy files from desktop computers?

A. Restrict the available drive allocation on all personal computers

B. Disable USB ports on all desktop devices

C. Conduct frequent awareness training with noncompliance penalties

D. Establish strict access controls to sensitive information
My Aims
2017: OSCP -
COMPLETED
2018: CISSP -
COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
COMPLETED
           GIAC GREM - Reverse Engineering of Malware -
COMPLETED

2020: MCSA, OSCE

Comments

  • CyberCop123CyberCop123 Senior Member Posts: 328Member ■■■■□□□□□□
    edited December 2018
    I chose B ... to disable USB ports on desktop devices. 

    However, apparently this is wrong.  The correct answer is A - Restrict the available drive allocation on personal computers. 

    Not quite sure I get this.  Of course you can disable all USB ports from data sticks - my organisation does it and we can still use USB keyboard and mice.  This is wrong in my view.  The best way to prevent use of USB drives to copy files is to disable USB ports across the entire business.  


    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2020: MCSA, OSCE
  • cyberguyprcyberguypr Senior Member Posts: 6,834Mod Mod
    edited December 2018
    Before reading the answer I was goign to say that you need to take this literally at face value as to "kill" the ports.  My logic was exactly that if you disable all USB ports you can't connect keyboards, mice, biometric readers, etc.  Disabling means interrupting/incapacitating something which in this context would imply some sort of denial of service or other major outage implication. Restricting means selectively limiting, which is the intended purpose of the control.
  • DntH8MeDntH8Me CISSP | CASP | CySA | LPIC-1 | Sec + | ITILv3 Posts: 73Member ■■■□□□□□□□
    If it makes you feel better from a 'technical' standpoint B does work but you are studying for a managerial exam. In this case I would say A is a more complete answer because there are other ways besides usb to attach mass storage devices. So "just" restricting the usb and relying on users to not attach a mass storage device by other means wouldn't be a good management choice.
    2019 Certification Goals: ​CEH | PenText + | CISM? | stop procrastinating
  • paul78paul78 Posts: 3,013Member ■■■■■■■■■■
    edited December 2018
    Yup - I would agree with you. That seems like it's a technically incomplete question/answer. The choice of A is actually not accurate. For one thing, it doesn't apply to Macs and Linux based desktops which are increasingly common in certain industries. Also - it's actually possible to address a drive by using the volume ID instead of a drive letter in Windows.
  • kaijukaiju Posts: 400Member ■■■■■■□□□□
    edited December 2018
    If you disable the USB port you will lose the ability to connect devices on all OS platforms.
    An administrator can utilize GPO (in Windows systems) to restrict removable storage access. The GPO options can be specified to target CD/DVD, removable disks (HDD and thumb drives), tape drives, and so forth. Using this method would allow USB devices such as a keyboards,mice, printers and other peripherals to be connected without issue.
    Work smarter NOT harder! Semper Gumby!
Sign In or Register to comment.