CompTIA Security Plus Mock Test Q318

Ann, a technician, received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following types of training would prevent Ann and other employees from becoming victims of such attacks?

A. User Awareness
B. Acceptable Use Policy
C. Personal Identifiable Information
D. Information Sharing

Correct Answer: C
Section: Compliance and Operational Security

Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Employees should be made aware of this type of attack by means of training.

Incorrect Answers:
A: A user-awareness program helps individuals in an organization understand how to implement policies, procedures, and technologies to ensure effective security.
B: An acceptable use policy describes how employees are allowed to use company systems and resources, and the consequences of misuse.
D: Information sharing is controlled using privacy policies. Privacy policies are implemented to maintain the sanctity of data privacy in the work environment.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 24-25, 404