CompTIA Security Plus Mock Test Q313

Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO).

A. Acceptable use of social media
B. Data handling and disposal
C. Zero day exploits and viruses
D. Phishing threats and attacks
E. Clean desk and BYOD
F. Information security awareness

Correct Answer: D,F
Section: Compliance and Operational Security

Explanation:
Managers/ i.e. executives in the company are concerned with more global issues in the organization, including enforcing security policies and procedures. Managers should receive additional training or exposure that explains the issues, threats, and methods of dealing with threats. Management will also be concerned about productivity impacts and enforcement and how the various departments are affected by security policies. Phishing is a form of social engineering in which you ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. An email might look as if it is from a bank and contain some basic information, such as the user’s name. Executives an easily fall prey to phishing if they are not trained to lookout for these attacks.

Incorrect Answers:
A: Acceptable use policies regarding how social media can be used within the organization is geared mainly are the employees to make them aware that attackers can solicit information/data from the company over instant messaging (IM) which is social media as easily as they can over email, and this can occur in Facebook, MySpace, or anywhere else that IM is possible
B: Data handling and disposal refers to the access of data to those users that need to access it and not more.
C: A Zero-day exploit occurs when a vulnerability/hole is found in a web-browser or other software by attackers and exploited immediately. The executives of a company are unlikely to be handling this type of attack.
E: A Clean Desk and BYOD policy training it best aimed at employees and to encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 338, 400