CompTIA Security Plus Mock Test Q316

Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?

A. To ensure proper use of social media
B. To reduce organizational IT risk
C. To detail business impact analyses
D. To train staff on zero-days

Correct Answer: B
Section: Compliance and Operational Security

Explanation:
Ideally, a security awareness training program for the entire organization should cover the following areas:
- Importance of security
- Responsibilities of people in the organization
- Policies and procedures
- Usage policies
- Account and password-selection criteria
- Social engineering prevention
You can accomplish this training either by using internal staff or by hiring outside trainers. This type of training will significantly reduce the organizational IT risk.

Incorrect Answers:
A: Proper use of social media would be just one aspect of the risk awareness that should be provided.
C: A business impact analysis is part of business continuity planning, which is primarily a management tool and not intended for all users and organizational staff.
D: Zero-days refer to the type of attack impact after an incident has occurred, so this would be too late to provide user awareness; it would be after the fact.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 399-401.