CompTIA Security Plus Mock Test Q306

After a recent security breach, the network administrator has been tasked to update and back up all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies?

A. Change management
B. Implementing policies to prevent data loss
C. User rights and permissions review
D. Lessons learned

Correct Answer: D
Section: Compliance and Operational Security

Explanation:
Incident response procedures involve: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recovery/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. The question describes a security breach and the response to it. That response shows that lessons have been learned and used to put in place measures that will prevent any future security breaches of the same kind.

Incorrect Answers:
A: Change management refers to the structured approach that is followed to secure a company’s assets. The question describes a case of incident response, and incident response is but a part of change management.
B: Policies preventing data loss involve monitoring the contents of systems to make sure that key content is not deleted or removed. This is not the updating and backup of all router and switch configurations.
C: Audits usually address user rights and permission reviews, which form part of risk mitigation.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 10, 429