Skip to Content

CompTIA Security+ (Plus): What Security Measure Prevents Employees from Copying Data to USB Drives?

By: Author Alex Lim

Posted on

Categories Exam

What security measure prevents employees from copying sensitive data to USB drives? Learn how disabling USB ports in BIOS or Group Policy blocks unauthorized data transfers and strengthens endpoint security—essential for CompTIA Security+ (Plus) SY0-701 exam success.

Table of Contents

Question

A company wants to ensure that employees cannot copy sensitive company data to USB drives. What security measure should be implemented?

A. Enable full-disk encryption
B. Disable USB ports in BIOS or Group Policy
C. Implement a firewall rule
D. Use a honeypot
E. Set up an intrusion detection system

Answer

B. Disable USB ports in BIOS or Group Policy

Explanation

Disabling USB ports or restricting USB device access through Group Policy prevents unauthorized copying of sensitive data.

To prevent employees from copying sensitive company data to USB drives, the most effective security measure is to disable USB ports in BIOS or Group Policy.

Disabling USB ports at the BIOS level or through Group Policy ensures that computers cannot recognize or communicate with USB storage devices, effectively blocking any attempt to transfer data to removable media.

This approach can be implemented organization-wide through centralized management tools or Group Policy Objects (GPOs) in Windows environments, allowing administrators to enforce USB restrictions for all users except those explicitly authorized (such as local administrators).

USB blocking is a critical component of endpoint data loss prevention (DLP) strategies, protecting against insider threats and accidental data leakage by eliminating one of the most common vectors for large-scale data exfiltration.

Advanced solutions allow for granular control, such as blocking only mass storage devices while permitting keyboards and mice, or setting USB ports to read-only mode to prevent data writing but allow device charging or reading.

Disabling USB ports is supported by industry best practices and is widely used in regulated industries to maintain compliance and secure sensitive information.

Disabling or restricting USB ports through BIOS settings or Group Policy prevents unauthorized use of USB drives, effectively blocking employees from copying sensitive data to removable media and significantly reducing the risk of data breaches.

CompTIA Security+ (Plus) SY0-701 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the CompTIA Security+ (Plus) SY0-701 exam and earn CompTIA Security+ (Plus) SY0-701 certification.