CompTIA Security Plus Mock Test Q334

Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization?

A. Train employees on correct data disposal techniques and enforce policies.
B. Only allow employees to enter or leave through one door at specified times of the day.
C. Only allow employees to go on break one at a time and post security guards 24/7 at each entrance.
D. Train employees on risks associated with social engineering attacks and enforce policies.

Correct Answer: D
Section: Compliance and Operational Security

Explanation:
Tailgating is the term used for someone being so close to you when you enter a building that they are able to come in right behind you without needing to use a key, a card, or any other security device. Many social engineering intruders needing physical access to a site will use this method of gaining entry. Educate users to beware of this and other social engineering ploys so that they can prevent them from happening.

Incorrect Answers:
A: Data disposal methods refer to how data is disposed of, especially by destroying the media on which it was stored. This will not safeguard the company from the risks involved with tailgating.
B: Leaving or entering a building at specified times does not prevent tailgating – in fact, it could facilitate tailgating, in that culprits will know at what times they can try to gain unlawful entry.
C: It is hugely impractical for a large corporation to only allow employees to go on a break one at a time.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 353, 405, 408