Sample Questions for ISC2's Systems Security Certified Practitioner (SSCP) Exam

Question 1

Which choice describes precisely the step-by-step actions required to complete a specific task?

  • ✓ D. Standard operating procedure

Standard operating procedure is correct.

Standard operating procedure specifies the exact step-by-step actions operators must perform to complete a specific task. It translates higher-level rules into task-level instructions and checklists so work is repeatable and verifiable. That procedural and prescriptive nature is what makes it the precise match for a request for step-by-step actions.

Security baseline is incorrect because a baseline defines required configuration settings or minimum security levels for systems rather than a sequence of actions to perform a task. A baseline tells you what settings to enforce and not how to perform an operational task.

Organizational policy statement is incorrect because a policy is high level and states objectives, rules, and responsibilities. A policy describes what must be achieved and not the detailed steps staff must follow to complete a task.

Guidance document is incorrect because guidance provides recommendations and best practices and it is often optional. Guidance may include examples but it does not usually mandate the precise step-by-step procedures that a standard operating procedure provides.

Cameron’s Certification Exam Tip

When the question asks for exact step-by-step actions, pick a procedure rather than a policy or baseline. Policies set direction and baselines set configurations, while procedures give repeatable task steps.

Question 2

A regional insurance firm called Summit Assurance needs to detect when complete sensitive documents are leaving its network. Which data loss prevention approach relies on the collision resistance of cryptographic hashes to recognize identical files?

  • ✓ B. Exact file fingerprinting using hashes

The correct answer is Exact file fingerprinting using hashes.

Exact file fingerprinting using hashes generates a cryptographic digest of the entire file and compares those digests to recognize identical files. Cryptographic hash functions are designed for collision resistance so the probability of two different files producing the same digest is negligible. That collision resistance is what allows exact file fingerprinting to detect complete sensitive documents leaving the network even when filenames or metadata change.

Conceptual lexicon and pattern lists rely on keyword lists and contextual rules to find sensitive content and they do not use cryptographic hashes. They are useful for term-based detection but they cannot reliably detect exact file copies.

Cloud DLP API is an interface to a service and not the specific hash-based method described in the question. The API may offer multiple detection techniques but invoking the API is not itself the collision-resistant hashing approach the question asks about.

Database fingerprinting typically fingerprints structured records or fields rather than producing whole file cryptographic hashes. It is focused on database row or column data and not on file level exact matches for document exfiltration detection.

Rule-based detection using regexes and patterns searches for textual patterns and formats, and it can generate false positives or false negatives for whole file detection. Regex and pattern rules do not depend on collision-resistant cryptographic hashing and so they are not the method the question describes.

Cameron’s Certification Exam Tip

When a question asks about detecting identical files or exact matches, think about cryptographic hashes and exact file fingerprinting instead of pattern matching or service names.
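As an added example (not from the original page and not any DLP vendor's code), the Python below shows exact file fingerprinting as described above: a registry of sensitive documents is reduced to SHA-256 digests, and outbound content is matched on its digest alone, so a renamed copy is caught while a one-byte edit or an unrelated file is not. The document names and contents are constructed for the example.

```python
import hashlib
import io
from typing import Optional

# Constructed registry of sensitive documents (filename -> bytes); not from any real product.
SENSITIVE_FILES = {
    "customer_list.csv": b"policy_no,holder,premium\n1001,A. Smith,1200\n1002,B. Jones,980\n",
    "board_minutes.txt": b"Summit Assurance board minutes: reinsurance renewal approved.\n",
}


def fingerprint(data: bytes, algorithm: str = "sha256") -> str:
    """Digest of the complete file contents; filename and metadata play no part."""
    return hashlib.new(algorithm, data).hexdigest()


def fingerprint_stream(fileobj, algorithm: str = "sha256", chunk_size: int = 65536) -> str:
    """Same digest computed in chunks so large files need not be held in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def build_index(files=SENSITIVE_FILES):
    """digest -> registered name; the DLP engine keeps only digests, not the documents."""
    return {fingerprint(content): name for name, content in files.items()}


def check_outbound(data: bytes, index) -> Optional[str]:
    """Return the registered document name if the outbound bytes are an exact copy, else None."""
    return index.get(fingerprint(data))


def demo():
    """Exercise the matcher on a renamed copy, an edited copy and unrelated content."""
    index = build_index()
    renamed = SENSITIVE_FILES["customer_list.csv"]       # same bytes, different filename
    edited = renamed.replace(b"1200", b"1201")           # a single byte changed
    return {
        "renamed_copy": check_outbound(renamed, index),
        "edited_copy": check_outbound(edited, index),
        "unrelated": check_outbound(b"lunch menu\n", index),
        "stream_matches": fingerprint_stream(io.BytesIO(renamed)) == fingerprint(renamed),
    }
```

The "edited_copy" result is the flip side of collision resistance: any change to the content yields a different digest, so exact fingerprinting is precise for whole-file copies but says nothing about excerpts or modified documents, which is what the lexicon and pattern approaches in the other options are for.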

Question 3

Which concept is most directly underscored by the saying “you cannot protect what you do not know about”?

  • ✓ C. Prioritizing a thorough inventory of all IT assets

Prioritizing a thorough inventory of all IT assets is correct because it directly expresses the principle that you cannot protect what you do not know about.

A complete inventory gives the visibility required to identify and classify hardware, software, and cloud services so that risk assessments, patching, monitoring, and access controls can be applied where they are needed.

Investing in Cloud Security Command Center is incorrect because this is a specific product that can help with cloud visibility but it does not capture the general practice of cataloging all assets across the enterprise.

Emphasizing hiring highly specialized security engineers is incorrect because skilled personnel are important but the saying is about discovering and knowing assets first rather than relying on staffing alone.

Focusing only on physical security controls is incorrect because that approach misses software configurations, cloud resources, and other nonphysical assets, and the principle applies to all asset types.

Cameron’s Certification Exam Tip

When you see choices that mention inventory or asset discovery on the exam, pick them when the question emphasizes visibility or what can be protected.

Question 4

A regional credit union is auditing its security controls for governance and compliance. Which of the following activities would not be considered a breach of the Due Diligence principle?

  • ✓ B. Servers are updated according to the organization patch management process and receive current security fixes

Servers are updated according to the organization patch management process and receive current security fixes is correct because it describes an active, documented control that shows the organization is maintaining its security posture and managing risks.

Applying patch management and timely security fixes demonstrates ongoing attention to vulnerabilities and provides tangible evidence for auditors that due diligence is being practiced. Regular updates reduce exposure to known threats and show that the organization follows its governance and compliance processes.

Data custodians have not documented the enterprise data protection framework is incorrect because missing documentation of a data protection framework is a governance gap. That omission indicates a failure to perform required oversight and it is a breach of due diligence.

System administrator omits the required three-week vacation schedule is incorrect because mandatory, enforced vacations are a control to detect fraud and ensure segregation of duties. Not following that schedule is a breakdown of controls and thus a violation of due diligence.

The security policy is no longer current or aligned with standards is incorrect because an outdated policy means governance and compliance activities are not being maintained. A current and aligned security policy is a basic expectation of due diligence and its absence is a breach.

Cameron’s Certification Exam Tip

When you see a choice that shows an ongoing, documented process such as regular patching, favor it. Focus on answers that demonstrate active maintenance and verifiable evidence of controls rather than absent or outdated documentation. Emphasize ongoing actions when assessing due diligence.

Question 5

What term describes using technologies like fingerprint scans, retinal scans, and iris scans to verify people who request access to systems and data?

The correct answer is Biometrics.

Biometrics refers to authentication techniques that rely on unique physical or physiological traits of a person. Fingerprint scans, retinal scans, and iris scans are classic biometric modalities used to confirm the identity of someone requesting access to systems or data.

Physiometrics is not the standard term used in information security. The accepted and widely used term for verification based on fingerprints, retinas, and irises is biometrics.

Behavioral biometrics focuses on patterns of behavior such as typing rhythm, gait, or mouse movement. Those behavioral methods do not describe physical scans like fingerprints or iris scans, so this option is incorrect.

Micrometrics is not a recognized term for human identity verification by biological traits and it does not refer to fingerprint, retinal, or iris scanning. That makes it incorrect for this question.

Cameron’s Certification Exam Tip

When you see specific examples such as fingerprint or iris scans, think Biometrics and distinguish those from options that describe behaviors or use unfamiliar terminology.

Question 6

A cybersecurity startup called BlueGate is assessing biometric evaluation methods for access control. Which three standard performance metrics are used to measure biometric system performance? (Choose 3)

  • ✓ B. False acceptance rate

  • ✓ D. Crossover error rate

  • ✓ E. False rejection rate

The correct options are False acceptance rate, Crossover error rate, and False rejection rate.

False acceptance rate measures the proportion of impostors who are incorrectly granted access. It is a standard scalar metric for biometric systems and it quantifies the system risk of allowing unauthorized users.

False rejection rate measures the proportion of genuine users who are incorrectly denied access. It is the complementary error to the acceptance side and it quantifies the user convenience impact of the system.

Crossover error rate is the operating point where the False acceptance rate and the False rejection rate are equal. It is commonly reported as a single number that summarizes the trade-off between security and usability, and lower values indicate better overall biometric performance.

Detection error tradeoff is not one of the three scalar metrics. It usually refers to a DET curve, which visualizes the trade-off between false acceptances and false rejections across thresholds rather than providing a single performance number.

Negative error rate is not a standard biometric performance term. It may be a misnomer for a false negative concept, but the standard terms used in biometric evaluation are False rejection rate for false negatives and False acceptance rate for false positives.

Cameron’s Certification Exam Tip

When you see biometric performance questions, look for the three scalar metrics FAR, FRR, and EER (the crossover error rate), and remember that curves like DET or ROC are visualization tools rather than single performance metrics.
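The three metrics can be computed directly from matcher scores, and the crossover point is found by sweeping the decision threshold. The Python below is an added illustration, not from the page; the genuine and impostor score lists are constructed, and the threshold sweep is the same data a DET curve plots, which is why the curve is a picture and the crossover is the single number.

```python
# Constructed similarity scores (higher = more similar) from a hypothetical matcher;
# in practice these come from labelled genuine and impostor verification trials.
GENUINE_SCORES = [0.91, 0.88, 0.85, 0.79, 0.76, 0.72, 0.69, 0.64, 0.58, 0.52]
IMPOSTOR_SCORES = [0.61, 0.55, 0.49, 0.47, 0.42, 0.38, 0.35, 0.31, 0.27, 0.20]


def far(threshold, impostor=IMPOSTOR_SCORES):
    """False acceptance rate: share of impostor trials scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE_SCORES):
    """False rejection rate: share of genuine trials scoring below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def det_points(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """(threshold, FAR, FRR) at every observed score: the data behind a DET or ROC curve."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, far(t, impostor), frr(t, genuine)) for t in thresholds]


def crossover_error_rate(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Threshold where FAR and FRR are closest, and the error rate there (CER, also called EER)."""
    t, a, r = min(det_points(genuine, impostor), key=lambda p: abs(p[1] - p[2]))
    return t, (a + r) / 2


if __name__ == "__main__":
    for t, a, r in det_points():
        print(f"threshold {t:.2f}  FAR {a:.1f}  FRR {r:.1f}")
    print("crossover (threshold, CER):", crossover_error_rate())
```

Raising the threshold drives FAR toward zero and FRR upward, which is the security-versus-usability trade-off the answer describes; an operator who needs FAR below the crossover value accepts a higher FRR to get it.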

Question 7

A mid-sized cloud provider called Crestline Networks has network logs that show systematic probes across multiple host ports, which looks like port scanning activity. Which category of event of interest does this represent?

Precursor is correct.

Systematic probes across multiple host ports are reconnaissance actions that attackers use to map targets and find open services. That kind of activity is a classic Precursor because it happens before exploitation and it signals preparatory intent rather than proof of a successful breach.

IoA is incorrect because indicators of attack generally describe behaviors that show an attack is in progress such as exploit attempts, privilege escalation, or lateral movement. Port scanning is preparatory reconnaissance and is more appropriately labeled a Precursor than an ongoing attack indicator.

Indicators of Compromise (IoCs) is incorrect because IoCs are artifacts left by a successful compromise such as malicious files, altered system artifacts, or confirmed command and control traffic. A port scan alone does not demonstrate that a system has been compromised.

Indicator is incorrect because it is a generic term and not the specific taxonomy term used for preparatory reconnaissance. The correct, specific category for scanning activity is Precursor.

Cameron’s Certification Exam Tip

When a question describes scanning, probing, or reconnaissance, think preparation rather than evidence of a breach or an in-progress exploit.

Question 8

For a mid-sized technology consultancy, which type of failure generally causes the most severe business interruption?

  • ✓ C. Unrecoverable data loss

The correct option is Unrecoverable data loss. This choice best matches the type of failure that causes the most severe and long-lasting business interruption for a mid-sized technology consultancy.

When a consultancy experiences Unrecoverable data loss it can lose client deliverables, source code, configurations, and billing and contractual records. Loss of those assets stops revenue generation, damages client trust, and can require lengthy rebuilding and legal remediation, which makes the interruption far more severe than a temporary outage.

Recovery from infrastructure or application failure usually depends on restoring data. If data cannot be recovered then failover and replacement strategies are of limited use. That is why Unrecoverable data loss carries the greatest business impact when backups or other long-term recovery mechanisms are not available or fail.

Extended network connectivity outage can disrupt access and productivity but it is often mitigated by redundant circuits, alternate connectivity, and the ability to work offline. Network outages tend to be temporary and do not by themselves destroy stored business data.

Major hardware or system software breakdown can be serious but hardware can be replaced and software can be reinstalled or restored from images and backups. Such breakdowns rarely cause permanent loss of critical business information when standard recovery controls are in place.

Core application platform failure may stop key services and be high impact for users, but platforms are often designed with clustering, failover, and provider recovery options. Platform failures are usually recoverable if data remains intact and accessible.

Cameron’s Certification Exam Tip

Focus on the long-term impact on data recoverability rather than short-term downtime. If an event makes recovery impossible it is usually the most severe choice to pick.

Question 9

Which of the listed security services is not fulfilled by the Digital Signature Standard?

The correct option is Encryption.

The Digital Signature Standard defines how to create and verify Digital signatures and so it provides Integrity verification and supports Entity authentication. The standard specifies signature algorithms and verification procedures and it is not intended to provide confidentiality. For that reason Encryption is not a service provided by the Digital Signature Standard.

Integrity verification is incorrect because digital signatures detect any alteration of signed data and so the standard delivers integrity protection.

Digital signatures is incorrect because that is the primary function of the standard and the option therefore does not answer which service is not fulfilled.

Entity authentication is incorrect because verifying a signature confirms that the signer controls the private key and so the standard supports authentication of the signer.

Cameron’s Certification Exam Tip

When a question asks which service a signing standard does not provide, remember to separate signing from confidentiality. Signing gives integrity and authentication, not encryption.

Question 10

A security engineer at North Ridge Technologies is working remotely while the corporate virtual private network is unreliable, which makes access to internal systems slow. What activity would pose the largest data security risk in this circumstance?

  • ✓ D. Data download or copying to the endpoint

Data download or copying to the endpoint is the correct choice because it creates the largest and most persistent data security risk when a user is working remotely with an unreliable VPN.

When a user performs Data download or copying to the endpoint, sensitive information is removed from the controlled corporate environment and placed on a device that may be unmanaged or inadequately protected. Once data exists on the endpoint it is far harder to enforce access controls or Data Loss Prevention, and it can be retained, shared, or exfiltrated without corporate visibility.

Data remanence is not the best answer because it refers to residual information left on storage after deletion and is mainly a concern for media sanitization or decommissioning rather than the active risk of a remote user copying files to their device.

Use of unauthorized cloud file sharing is a meaningful risk but it is less directly aligned with the scenario. The question highlights slow internal access and a local download bypasses corporate controls more immediately than moving data to an unsanctioned cloud service in many remote work situations.

Data displayed or output on the screen can lead to transient exposures such as shoulder surfing or screenshots, but it does not produce the same persistent, portable copies that downloading or copying to the endpoint does, and so it poses a lower long-term exfiltration risk in this context.

Cameron’s Certification Exam Tip

When a question describes a slow VPN or remote work, focus on actions that create persistent local copies. Watch for answers that mention downloading or copying to endpoints, as they often represent the highest exfiltration risk.

Question 11

A regional networking firm is comparing copper cable types and wants to know which cabling family includes the CAT4 and CAT6 classifications?

The correct answer is Twisted Pair cables. The Category designations such as CAT4 and CAT6 are classifications for copper twisted pair cabling families and they describe performance levels for unshielded and shielded variants used in Ethernet networks.

Category numbers define electrical performance and maximum frequency for the twisted pair family, and they are the standard way to identify copper Ethernet cable grades from early low-speed types up to modern high-speed types.

Fiber optic cables are a different transmission medium that uses glass or plastic fibers to carry light, and they do not use the CAT numbering scheme for copper twisted pair cables.

Shielded twisted pair cabling is a subtype of the twisted pair family and it is not the overall family name asked for. Shielded variants may also receive category ratings but the family that includes CAT4 and CAT6 is the broader twisted pair family.

Coaxial cables use a single center conductor with a surrounding shield and they follow different standards and naming conventions rather than the CAT classification used for twisted pair copper cabling.

Cameron’s Certification Exam Tip

When you see CAT numbers, think twisted pair copper cabling and not fiber or coax. Remember that shielded and unshielded are subtypes of the same family.

Question 12

Why is safeguarding audit logs against alteration and unauthorized access especially important for reliable incident investigations and meeting compliance requirements?

  • ✓ B. It preserves the integrity of records used in security investigations

It preserves the integrity of records used in security investigations is correct.

Protecting audit logs from alteration and unauthorized access ensures that the records investigators rely on remain accurate and trustworthy. Reliable logs support a clear chain of custody and allow analysts to reconstruct events without concern that evidence was changed or deleted, and that is essential for both internal incident response and legal or regulatory reviews.

Cloud Logging is incorrect because it names a logging service rather than giving a reason why safeguarding logs matters. The question asks for the purpose of protecting logs during investigations and compliance activities, not for a product name.

It boosts overall system performance is incorrect because log protection does not improve runtime performance. Securing logs is about integrity, confidentiality, and availability of audit data, and it is separate from efforts to optimize system throughput or latency.

It reduces the burden of long retention policies is incorrect because safeguarding logs does not change retention requirements. Retention policies are determined by legal and business rules and securing logs typically complements retention by ensuring stored records remain trustworthy while they are kept.

Cameron’s Certification Exam Tip

When choices mention logs and investigations, look for words like integrity or chain of custody, as those concepts usually point to the correct answer on forensics and compliance questions.
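One concrete way to make alteration of stored audit records detectable is to chain the records with a keyed hash, so that each tag commits to the previous tag and the current record. The Python below is an added example, not from the page; the log lines and the collector key are constructed placeholders, and the chaining scheme is a generic one rather than any particular product's.

```python
import hashlib
import hmac

# Constructed audit records, in the order the collector received them.
LOG_RECORDS = [
    "2024-05-01T08:00:01Z user=alice action=login result=success",
    "2024-05-01T08:04:17Z user=alice action=read file=/finance/q1.xlsx",
    "2024-05-01T08:05:02Z user=bob action=login result=failure",
    "2024-05-01T08:05:40Z user=bob action=login result=success",
]
# Placeholder key held by the log collector, not by the hosts that emit the records.
CHAIN_KEY = b"placeholder-collector-key"
GENESIS = b"\x00" * 32   # previous tag for the very first record


def chain(records, key=CHAIN_KEY):
    """Return (record, tag) pairs where tag = HMAC-SHA256(key, previous_tag || record)."""
    prev = GENESIS
    out = []
    for rec in records:
        tag = hmac.new(key, prev + rec.encode(), hashlib.sha256).digest()
        out.append((rec, tag.hex()))
        prev = tag
    return out


def verify(chained, key=CHAIN_KEY):
    """Index of the first record whose tag does not verify, or None if the chain is intact.
    Editing, deleting, inserting or reordering a record breaks its tag and every later one."""
    prev = GENESIS
    for i, (rec, tag_hex) in enumerate(chained):
        expected = hmac.new(key, prev + rec.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return i
        prev = expected
    return None


if __name__ == "__main__":
    chained = chain(LOG_RECORDS)
    print("intact chain:", verify(chained))
    rec, tag = chained[2]
    chained[2] = (rec.replace("failure", "success"), tag)
    print("after editing record 2, first bad index:", verify(chained))
```

The key matters: anyone who can read the records and the key can recompute tags, so the key belongs with the collector or an append-only store and not with the administrators whose actions the log records. Periodically anchoring the latest tag somewhere the log owner cannot rewrite (a write-once store or a second system) extends the same protection to truncation of the whole tail.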

Question 13

During a business impact analysis for a regional consulting firm which of the following activities would not be part of the BIA process?

  • ✓ C. Choose an alternate recovery location

Choose an alternate recovery location is the correct answer because choosing a recovery site is an action taken during business continuity and disaster recovery planning rather than during the business impact analysis.

The BIA focuses on identifying and prioritizing critical business functions, assessing the impact of downtime, and determining recovery time objectives and required resources. Its outputs inform choices such as alternate locations but the actual selection and implementation of a recovery site are part of recovery planning.

Develop surveys and questionnaires for data collection is incorrect because creating surveys and questionnaires is a typical BIA activity used to gather information about processes, dependencies, and resource requirements.

Select staff to interview for information gathering is incorrect because identifying which staff and subject matter experts to interview is a standard step in the BIA to ensure accurate and complete data collection.

Document the organization’s essential business functions is incorrect because documenting essential functions is a core BIA output that defines what must be recovered and in what priority.

Cameron’s Certification Exam Tip

Focus on the difference between analysis and planning. The BIA identifies critical functions and impact tolerances while business continuity planning decides how to recover, including choosing alternate locations.

Question 14

A regional university network team is deciding on cabling for the campus core and they want to understand why fiber optic lines are commonly chosen for backbone connections between buildings and main switches?

  • ✓ D. Greater resistance to electromagnetic interference and support for much longer transmission distances

Greater resistance to electromagnetic interference and support for much longer transmission distances is correct.

Fiber optic cabling carries data as light in glass or plastic fibers, so it is not affected by electromagnetic interference from power lines, motors, or nearby copper cables. This physical property makes fiber a reliable choice for campus backbone links between buildings and main switches where electrical noise can be present.

Fiber also exhibits much lower attenuation than copper so a single run can span tens to thousands of meters depending on the fiber type. That capacity for longer transmission distances and higher bandwidth makes fiber the practical medium for backbones that must support aggregated traffic and future growth.

Cloud Interconnect is incorrect because it describes a service or connection model for linking to cloud providers rather than a physical cabling medium for campus backbones. It does not address why one cable type would be chosen over another.

Use of standard RJ45 connectors is incorrect because RJ45 is the connector for copper twisted pair Ethernet. Fiber uses different connectors such as LC or SC and requires optical transceivers or media converters to connect to networking equipment.

Lower upfront cost and easier installation is incorrect because fiber components and termination often cost more up front and require specialized tools and skills. Fiber can lower long-term costs and provide greater capability over distance, but it is not generally chosen for lower initial cost or simpler installation.

Cameron’s Certification Exam Tip

Look for answers that describe the physical properties of the medium such as EMI immunity and maximum distance when the question asks why one cabling type is used for a backbone.

Question 15

A cloud consulting firm needs a public key method to let two endpoints agree on a secret over an untrusted network. Which asymmetric algorithm is most commonly used to accomplish this?

The correct answer is Diffie-Hellman.

Diffie-Hellman is the canonical public-key key agreement algorithm that allows two endpoints to derive a shared secret over an untrusted network without sending the secret itself. It is widely used as the key exchange component in protocols such as TLS and IPsec, and it supports ephemeral modes that provide forward secrecy.

RSA is an asymmetric algorithm used for encryption and digital signatures and it can be used to transport keys in some protocols. It does not perform the same interactive key agreement process as Diffie-Hellman and it will not provide forward secrecy unless combined with ephemeral mechanisms.

SHA-256 is a cryptographic hash function and not an asymmetric algorithm. It produces message digests and cannot be used by itself to perform key agreement between two parties.

AES is a symmetric block cipher used for bulk encryption and it requires a shared key. It is not a method for two endpoints to agree on a secret, although the key AES uses can be established via a key agreement algorithm such as Diffie-Hellman.

Cameron’s Certification Exam Tip

When a question asks about two endpoints agreeing on a secret or performing key exchange, look for Diffie-Hellman or its elliptic curve variant rather than encryption or hashing algorithms.
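The exchange the answer describes, as an added Python example that is not from the page: each party keeps a private exponent, sends only g^x mod p across the network, and derives the same key from the peer's public value, so the transcript an eavesdropper sees never contains the secret. The group parameters here are toy-sized for illustration only (real deployments use standardized groups such as RFC 7919 ffdhe2048 or elliptic curve Diffie-Hellman), and the degenerate-value check is the usual guard against a peer sending 0, 1 or p-1.

```python
import hashlib
import secrets

# Toy parameters for illustration only: 2^127 - 1 is a Mersenne prime, far too small for real use.
P = (1 << 127) - 1
G = 2


def is_valid_public(value: int, p: int = P) -> bool:
    """Reject 0, 1 and p-1, which would force the shared secret to a trivial value."""
    return 1 < value < p - 1


class Party:
    """One endpoint of the key agreement."""

    def __init__(self, name: str, p: int = P, g: int = G):
        self.name, self.p, self.g = name, p, g
        self.private = secrets.randbelow(p - 3) + 2   # random exponent in [2, p-2]; never transmitted
        self.public = pow(g, self.private, p)         # the only value sent over the network
        self.key = None

    def derive_key(self, peer_public: int) -> bytes:
        """Compute peer_public^private mod p and hash it into a fixed-length session key."""
        if not is_valid_public(peer_public, self.p):
            raise ValueError(f"{self.name}: invalid peer public value")
        shared = pow(peer_public, self.private, self.p)
        width = (self.p.bit_length() + 7) // 8
        self.key = hashlib.sha256(shared.to_bytes(width, "big")).digest()
        return self.key


def key_agreement():
    """Run the two-message exchange and return both derived keys plus what the network saw."""
    alice, bob = Party("alice"), Party("bob")
    transcript = [("alice->bob", alice.public), ("bob->alice", bob.public)]
    key_a = alice.derive_key(bob.public)   # alice uses bob's public value
    key_b = bob.derive_key(alice.public)   # bob uses alice's public value
    return key_a, key_b, transcript


if __name__ == "__main__":
    ka, kb, seen = key_agreement()
    print("keys match:", ka == kb)
    for direction, value in seen:
        print(direction, hex(value))
```

Generating fresh exponents for every session, as `Party` does, is the ephemeral mode the answer mentions: once the private exponents are discarded, a recorded transcript cannot be turned back into the session key, which is what forward secrecy means. Note that plain Diffie-Hellman authenticates nobody; TLS and IPsec pair it with signatures or certificates so each side knows whose public value it is using.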

Question 16

After a security incident has been contained and normal operations resumed, what step should the response team perform to help prevent the same incident from recurring?

  • ✓ C. Perform a post incident review and implement new countermeasures

The correct answer is Perform a post incident review and implement new countermeasures.

Perform a post incident review and implement new countermeasures is the right choice because this step occurs after containment and service restoration and focuses on preventing recurrence. The review phase captures lessons learned and performs root cause analysis so the organization can identify what failed and which controls need strengthening.

The team should update incident response plans and playbooks and implement technical and procedural countermeasures such as improved detection rules, configuration changes, and targeted user training. Turning the findings of the post incident review into concrete changes is how an organization reduces the likelihood of the same incident happening again.

Detection analysis and escalation is incorrect because that activity belongs to the identification and triage phases when an incident is first detected. It is not the action you perform after containment and normal operations have resumed.

Service recovery is incorrect because recovering services is the step that restores normal operations. The question states that normal operations have already resumed and asks what to do next to prevent recurrence.

Proactive preparation is incorrect because preparation happens before an incident. Proactive measures are important but they are not the post incident step that turns lessons learned into new countermeasures.

Cameron’s Certification Exam Tip

On exam questions identify where in the incident response lifecycle the task belongs. Look for answers that mention post-incident review or lessons learned when the prompt says containment and recovery are complete.

Question 17

Which of the following items is classified as a “something you have” authentication factor?

The correct answer is Smart card token.

Smart card token is a physical device that stores cryptographic credentials or private keys and proves possession during authentication. It is classified as a something you have factor because the user must physically present or insert the card or token to authenticate. Smart cards are often used together with a PIN so that possession and knowledge are combined for stronger authentication.

Biometric fingerprint is incorrect because fingerprints are biometric traits and belong to the something you are category rather than a possession factor.

Cloud Identity is incorrect because it names an identity service or account and not a physical object that a user possesses. An identity provider is not a something you have authentication factor in the classic model.

Secret passphrase is incorrect because a passphrase is information the user knows and therefore fits the something you know category instead of a possession factor.

Cameron’s Certification Exam Tip

When you see factor classification questions, ask whether the item is a physical object, something remembered, or a biological trait. Focus on whether the user must physically possess the item to authenticate to identify a something you have factor.

Question 18

Since the Kerberos Ticket Granting Service and the authentication servers store all secret keys and perform client authentication, what kinds of attacks are these servers most exposed to?

  • ✓ B. Susceptible to both physical tampering and malicious software infections

The correct answer is Susceptible to both physical tampering and malicious software infections.

Kerberos Ticket Granting Service and authentication servers function as key distribution centers and they store long-lived secret keys for many principals. Because they hold those secrets they are high value targets and are therefore vulnerable to attackers who can gain physical access and to attackers who can install or run malicious software on them.

Physical tampering can allow an attacker to extract keys or firmware and bypass protections by accessing hardware directly. Malicious software infections can capture keys from memory, alter authentication logic, or exfiltrate credentials over the network. Both attack classes can lead to full compromise of the authentication service.

Susceptible only to attacks from malicious software is incorrect because it ignores the serious risk from physical access and hardware compromise which can give direct access to stored keys.

Susceptible to credential guessing and offline password cracking attacks is incorrect because those attacks target user passwords or captured hashes and are not the primary risks to a server that centrally stores long-term keys. The server is more at risk from direct compromise through tampering or malware than from simple guessing attacks against individual credentials.

Susceptible only to physical tampering is incorrect because it overlooks the real threat posed by malware which can remotely extract keys or subvert the authentication process without any physical access.

Cameron’s Certification Exam Tip

When a question says a server “stores secret keys”, think about threats that allow extraction of those keys both by direct physical access and by software based attacks. Focus on the highest value vectors that can expose keys.

Question 19

Under an IPv4 addressing scheme which address class can accommodate the greatest number of host addresses?

Class A is correct because it supports the largest number of host addresses under the original classful IPv4 addressing scheme.

Class A uses a default mask of /8 which leaves 24 bits for host addresses. That yields 2^24 minus 2 usable addresses per network which equals 16,777,214 hosts after removing the network and broadcast addresses.

Class B is incorrect because it uses a default /16 mask which leaves 16 bits for hosts. That gives 2^16 minus 2 usable addresses which equals 65,534 hosts per network and that is far fewer than a Class A network.

Class C is incorrect because it uses a default /24 mask which leaves only 8 bits for hosts. That yields 2^8 minus 2 usable addresses which equals 254 hosts per network and that is much smaller than Class A or Class B.

Class E is incorrect because those addresses are reserved for experimental or future use and are not assigned for general host addressing. Class E is not available for normal host networks which makes it irrelevant when choosing the class with the greatest number of hosts.

Cameron’s Certification Exam Tip

Remember that Class A has the largest host space under classful addressing and that modern networks use CIDR and subnetting instead of strict class boundaries.
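The following is an added example, not part of the original study notes, that shows the classful arithmetic above next to the CIDR arithmetic the tip says modern networks actually use. It derives the class from the leading bits of the first octet as defined by classful addressing, computes the default mask's usable host count, and then computes the usable hosts of the real CIDR prefix. The addresses and prefixes are constructed for illustration.

```python
"""Classful IPv4 host capacity versus the real CIDR prefix.

Added example for the SSCP study notes; not code from the original page.
The addresses and prefixes used below are constructed for illustration.
"""
import ipaddress
from typing import Optional

# Default prefix length implied by each class. Class D (multicast) and
# Class E (reserved) have no default unicast host space, hence None.
CLASS_PREFIX = {"A": 8, "B": 16, "C": 24, "D": None, "E": None}


def ipv4_class(addr: str) -> str:
    """Return the classful letter for an IPv4 address from its high order bits.

    0xxxxxxx -> A, 10xxxxxx -> B, 110xxxxx -> C, 1110xxxx -> D, 1111xxxx -> E
    """
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet >> 7 == 0b0:
        return "A"
    if first_octet >> 6 == 0b10:
        return "B"
    if first_octet >> 5 == 0b110:
        return "C"
    if first_octet >> 4 == 0b1110:
        return "D"
    return "E"


def usable_hosts(prefix_len: int) -> int:
    """Usable host addresses for a prefix: 2^(32-prefix) minus network and
    broadcast. /31 (RFC 3021 point to point) and /32 (single host) are the
    exceptions where no addresses are reserved."""
    if prefix_len == 32:
        return 1
    if prefix_len == 31:
        return 2
    return 2 ** (32 - prefix_len) - 2


def classful_usable_hosts(addr: str) -> Optional[int]:
    """Host capacity the address's class implies under its default mask."""
    prefix = CLASS_PREFIX[ipv4_class(addr)]
    return None if prefix is None else usable_hosts(prefix)


def cidr_usable_hosts(network: str) -> int:
    """Host capacity of the actual CIDR network, ignoring class entirely."""
    net = ipaddress.ip_network(network, strict=False)
    return usable_hosts(net.prefixlen)


if __name__ == "__main__":
    # Constructed cases: a "Class A" address that is really a small /22 subnet,
    # a Class B default, a Class C default, and a reserved Class E address.
    for network in ("10.20.30.0/22", "172.16.5.0/16", "192.168.1.0/24", "240.0.0.1/32"):
        addr = network.split("/")[0]
        print(f"{network}: class {ipv4_class(addr)}, "
              f"classful hosts {classful_usable_hosts(addr)}, "
              f"CIDR hosts {cidr_usable_hosts(network)}")
```

Running it shows why the exam answer is "Class A" under classful rules (16,777,214 hosts) while the same 10.x address carved into a /22 has only 1,022 usable hosts in practice.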

Question 20

If a malicious actor transmits an ICMP packet that exceeds 72 kilobytes to a server what type of network attack does this represent?

The correct answer is Ping of Death.

An ICMP packet that exceeds the IPv4 maximum datagram size causes problems during fragmentation and reassembly and that behavior is the classic characteristic of the Ping of Death. The 16 bit Total Length field limits an IPv4 datagram to 65,535 bytes including its header and a 72 kilobyte ICMP packet is larger than that limit, so it can only arrive as a train of fragments whose offsets and lengths add up to more than 65,535 bytes. Historically some implementations reassembled those fragments into a buffer sized for the maximum datagram without checking that the last fragment's offset plus length still fit, which led to memory corruption or crashes and that is why this attack is identified as the Ping of Death. Modern systems are patched to discard or properly handle such oversized fragments so it is largely a historical attack pattern.

Teardrop attack is incorrect because it relies on sending fragments with overlapping offsets to confuse reassembly logic rather than sending a single ICMP packet that exceeds the maximum IP datagram size.

TCP SYN flood is incorrect because that attack exhausts server TCP connection state by sending many SYN packets and not by sending oversized ICMP fragments.

Buffer overflow exploit is incorrect as an answer because it describes a general class of vulnerabilities and exploits rather than naming the specific network attack. The Ping of Death is the specific historical network attack that caused a buffer overflow via oversized ICMP reassembly.

Smurf amplification attack is incorrect because it uses spoofed ICMP echo requests to broadcast addresses to amplify traffic toward a victim and it does not involve sending an ICMP packet that exceeds the IP maximum size.

Cameron’s Certification Exam Tip

When you see an ICMP packet larger than the IP maximum think Ping of Death. If the question mentions overlapping fragments think Teardrop. Use protocol behavior to rule out amplification and SYN flood answers.
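The tip above distinguishes Ping of Death (reassembled size beyond the IPv4 maximum) from Teardrop (overlapping fragment offsets). The following is an added example, not from the original page, that applies both checks to a fragment train before reassembly, the kind of sanity check a patched IP stack or an IDS preprocessor performs. Each fragment is modelled as (offset in 8 byte units, payload length, more fragments flag), mirroring the IPv4 Fragment Offset field, the payload length derived from Total Length, and the MF flag; the fragment trains are constructed inline, including a 72 kilobyte ICMP payload like the one in the question.

```python
"""Pre-reassembly sanity checks for IPv4 fragment trains.

Added example for the Ping of Death / Teardrop discussion; not code from the
original page. Fragment trains below are constructed for illustration.
"""
from typing import List, Tuple

IPV4_MAX_DATAGRAM = 65535   # 16 bit Total Length field, header included
IPV4_HEADER_MIN = 20        # smallest IPv4 header, so the largest legal payload
IPV4_MAX_PAYLOAD = IPV4_MAX_DATAGRAM - IPV4_HEADER_MIN  # 65515 bytes

# (fragment offset in 8 byte units, payload bytes in this fragment, MF flag)
Fragment = Tuple[int, int, bool]


def classify_fragments(frags: List[Fragment]) -> str:
    """Return 'oversized', 'overlap' or 'ok' for a fragment train.

    oversized: a fragment would end beyond the largest payload that fits in a
               65,535 byte datagram. This is what an unpatched reassembler
               hit with a Ping of Death packet.
    overlap:   a fragment starts before the previous one ends, the Teardrop
               pattern that confused early reassembly code.
    The oversized check runs first, so a train that is both reports oversized.
    """
    ordered = sorted(frags, key=lambda f: f[0])
    prev_end = 0
    for offset_units, payload_len, _more in ordered:
        start = offset_units * 8
        end = start + payload_len
        if end > IPV4_MAX_PAYLOAD:
            return "oversized"
        if start < prev_end:
            return "overlap"
        prev_end = end
    return "ok"


def fragment_train(total_payload: int, mtu_payload: int = 1480) -> List[Fragment]:
    """Construct the fragment train a sender emits for an ICMP payload of
    total_payload bytes, split into mtu_payload sized pieces. mtu_payload must
    be a multiple of 8 because Fragment Offset counts 8 byte units; 1480 is
    the payload that fits a 1500 byte Ethernet MTU after a 20 byte header."""
    assert mtu_payload % 8 == 0, "fragment payloads must be 8 byte aligned"
    frags: List[Fragment] = []
    offset = 0
    while offset < total_payload:
        size = min(mtu_payload, total_payload - offset)
        more = offset + size < total_payload
        frags.append((offset // 8, size, more))
        offset += size
    return frags


if __name__ == "__main__":
    # Constructed cases: the question's 72 KB ping, a normal 3000 byte ping,
    # and a Teardrop style pair whose second fragment overlaps the first.
    cases = {
        "72 KB ICMP payload (Ping of Death)": fragment_train(72 * 1024),
        "3000 byte ICMP payload (benign)": fragment_train(3000),
        "overlapping offsets (Teardrop)": [(0, 1480, True), (100, 1480, False)],
    }
    for name, train in cases.items():
        print(f"{name}: {len(train)} fragments -> {classify_fragments(train)}")
```

The boundary matters: a payload of exactly 65,515 bytes reassembles into a legal 65,535 byte datagram and passes, while one byte more is flagged, which is the check the historical implementations lacked.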

Question 21

In which setting would a person have a “reasonable expectation of privacy”?

The correct answer is Private residence.

A private residence is where a person typically has the strongest and most reasonable expectation of privacy because the occupant controls access and personal activities within the home. Courts have long recognized that a home is the quintessential private space and that people generally expect freedom from unreasonable observation and intrusion there.

Community park is incorrect because parks are public places that are open to anyone and visible to passersby. There is no meaningful expectation that activities in an open park are shielded from observation by the public or authorities.

City sidewalk is incorrect for the same reason. Sidewalks are public thoroughfares and what a person exposes to public view on a sidewalk is not typically protected by a reasonable expectation of privacy.

Workplace office is incorrect because the expectation of privacy at work is limited and depends on factors such as employer policies, shared space, and monitoring practices. Employers often have the right to monitor communications and access in offices, so the privacy expectation is not as strong as in a private home.

Cameron’s Certification Exam Tip

When deciding which setting offers a reasonable expectation of privacy ask whether the area is privately controlled and not open to the public or subject to employer monitoring.

Question 22

A regional cloud operator wants its server sites to remain functional during utility outages so they install duplicate power modules backup diesel generators and two separate utility feeds. What resilience strategy is being used?

  • ✓ C. N plus one redundancy

The correct option is N plus one redundancy.

This scenario is an example of N plus one redundancy because the operator has installed duplicate power modules, backup diesel generators, and two separate utility feeds so that there is at least one independent spare component available if a primary component or feed fails. Under N plus one redundancy the infrastructure is sized to tolerate a single failure without losing functionality, which matches the described measures.

Active active deployment is incorrect because that term describes multiple systems or sites actively sharing load at the same time for capacity and failover. The question describes added spare power capacity at sites rather than multiple active sites handling the workload.

Geographic redundancy is incorrect because geographic redundancy means placing resources in separate physical locations to survive regional failures or disasters. The described duplicate modules and generators are site level power resiliency measures and do not indicate separate geographic sites.

Multipath network design is incorrect because that concept applies to having multiple physical network paths to avoid connectivity single points of failure. The question focuses on power infrastructure redundancy and not on network path diversity.

Cameron’s Certification Exam Tip

When an exam item lists duplicate power equipment and a single spare unit think N+1 as the likely answer. Focus on whether the question is about power or about multiple active sites to avoid confusing it with active active or geographic options.

Question 23

Marcus is head of operations at a financial technology startup that is deploying cloud services across several continents. He needs to ensure that customer records are stored and processed in line with global privacy and compliance rules. Which legal risk is most relevant to his cloud security strategy?

  • ✓ C. Data residency and jurisdictional requirements

Data residency and jurisdictional requirements is the correct option for Marcus to prioritize in his cloud security strategy.

When customer records are stored and processed across multiple continents governments and regulators can impose rules about where data must be kept and which legal systems can access it. These rules create legal risks that are separate from technical controls and they can force changes to data placement, encryption, and contract terms to remain compliant.

Identity and Access Management is important for controlling who can access systems and data but it does not directly address the legal question of which country has authority over the data.

Network security monitoring and intrusion detection provide detection and response capabilities that help protect data from breaches but they do not resolve jurisdictional obligations or cross border transfer restrictions.

Service level agreement obligations cover availability performance and some contractual liabilities and they are important for operations but they are not the primary legal risk when the concern is where customer records may lawfully be stored or accessed.

Cameron’s Certification Exam Tip

Focus on the question words such as where and who has legal authority when deciding whether the risk is legal jurisdictional or technical.

Question 24

When a certified SSCP practitioner must choose a course of action what quality should be the primary consideration?

  • ✓ C. Ethical conduct and professional integrity

Ethical conduct and professional integrity is the correct choice.

Ethical conduct and professional integrity must be the primary consideration because certified practitioners have a duty to protect people and systems and to maintain public trust when making decisions.

When technical options and legal requirements conflict or when resources are limited the guiding principle should be ethical judgment and professional integrity so that actions do not cause harm even if they are feasible or cheaper.

Cost effective and mindful of budgets is an important operational concern but it is not primary because prioritizing cost can lead to unsafe or unethical outcomes.

Technically accurate and operationally feasible is necessary for implementation but it does not address moral obligations or conflicts of interest and so it cannot be the sole guiding quality.

Compliant with applicable laws and regulations is required and it sets a baseline for behavior but legal compliance alone does not ensure ethical conduct and laws may lag behind professional responsibilities.

Cameron’s Certification Exam Tip

When faced with choices pick the option that emphasizes integrity and protection of stakeholders rather than one that focuses only on cost, technical ease, or minimal legal compliance.

Question 25

At a neighborhood bookstore who has the strongest reasonable expectation of privacy regarding the premises and daily operations?

The correct answer is Store proprietor. The Store proprietor has the strongest reasonable expectation of privacy regarding the premises and daily operations.

The Store proprietor owns or controls the business premises and sets rules for access and operation. Ownership and control create the primary interest in confidentiality for inventory, business records, layout, and daily procedures, and that control is what courts and privacy doctrine use to determine who has the strongest reasonable expectation of privacy.

Independent contractor is incorrect because a contractor typically does not own the premises and works under terms set by the proprietor. The contractor’s access and authority are usually limited by contract and oversight, so their expectation of privacy in the store is weaker than the proprietor’s.

Guest on site is incorrect because visitors have a very limited expectation of privacy. Guests are subject to the proprietor’s rules and do not control store operations or business records, so they have little claim to privacy over the premises or daily operations.

Staff member is incorrect because employees have reduced privacy in employer owned spaces. Staff may have access to more areas than guests, but the proprietor retains authority to inspect work areas and records and to set policies, so employee privacy expectations are lower than the proprietor’s.

Cameron’s Certification Exam Tip

On reasonable expectation of privacy questions focus on who legally owns or controls the space and who can exclude others. Ownership and operational control usually indicate the strongest expectati
