CompTIA Security Plus Mock Test Q338

A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on which of the following?

A. Peer to Peer
B. Mobile devices
C. Social networking
D. Personally owned devices

Correct Answer: C
Section: Compliance and Operational Security

There are many companies that allow full use of social media in the workplace, believing that the marketing opportunities it holds outweigh any loss in productivity. What they are unknowingly minimizing are the threats that exist. Rather than being all-new threats, the social networking/media threats tend to fall into the categories of the same old tricks used elsewhere but in a new format. A tweet can be sent with a shortened URL so that it does not exceed the 140-character limit set by Twitter; unfortunately, the user has no idea what the shortened URL leads to. This makes training your employees regarding the risks social networking entails essential.

Incorrect Answers:
A: Peer-to-peer training is not going to mitigate security risks that are meant for mass distribution as social networking is designed to do.
B: Mobile devices are used to produce and send personal messages on a mass distribution basis, as is facilitated by Twitter, etc. These services are social networking, and to mitigate risks with this media your employees must be trained in the dangers that social networking poses. You cannot expect your employees to leave their cell phones, etc. some other place when they are at work.
D: Personally owned devices can lead to company information getting intermingled with personal information that employees can put at risk – not media that allows for mass distribution of personal comments.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 404, 406