CompTIA Security Plus Mock Test Q311

After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?

A. Information Security Awareness
B. Social Media and BYOD
C. Data Handling and Disposal
D. Acceptable Use of IT Systems

Correct Answer: A
Section: Compliance and Operational Security

Explanation:
Education and training in Information Security Awareness reduce the risk of data leaks and form an integral part of a security awareness program. Social engineering leaks data through employees, so only when company users are made aware of social engineering methods via Information Security Awareness Training can the risk of further data leaks be reduced.

Incorrect Answers:
B: Attackers can solicit information from the company over instant messaging (IM), a form of social media, as easily as they can over email, and this can occur on Facebook, MySpace, or anywhere else IM is available. As for employees bringing their own devices, the concern is that such devices can connect to the company’s Wi-Fi network. Neither topic addresses social engineering by phone.
C: Data handling and disposal refers to restricting data access to those users who need it and no more, and to how you as the CIO handle the disposal of that data; it does not involve training users.
D: Acceptable use of IT systems refers to the usage of computers within the organization, not the prevention of data leaks.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 364-369, 399-404, 408, 420, 422
http://en.wikipedia.org/wiki/Security_awareness