CompTIA Security Plus Mock Test Q315

Sara, an employee, tethers her smartphone to her work PC to bypass the corporate web security gateway while connected to the LAN. While Sara is out at lunch her PC is compromised via the tethered connection and corporate data is stolen. Which of the following would BEST prevent this from occurring again?

A. Disable the wireless access and implement strict router ACLs.
B. Reduce restrictions on the corporate web security gateway.
C. Security policy and threat awareness training.
D. Perform user rights and permissions reviews.

Correct Answer: C
Section: Compliance and Operational Security

Explanation:
BYOD (in this case, Sara’s smartphone) carries the possibility that a personal device infected with malware introduces that malware to the network. Security awareness training will address the company’s security policy with regard to BYOD.

Incorrect Answers:
A: Disabling wireless access and implementing strict router ACLs will hamper the day-to-day operations of the company, and disabling these ‘punishes all users’, not just Sara, who was responsible for the data theft that occurred. It would be best to provide training to all users regarding BYOD.
B: Reducing restrictions on the corporate web security gateway will leave the company data more vulnerable.
D: User rights and permissions reviews will not prevent data theft since Sara still requires permissions to perform her duties.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 399-404, 401