CompTIA Security Plus Mock Test Q1667

Ann, a college professor, was recently reprimanded for posting disparaging remarks regarding her coworkers on a web site. Ann stated that she was not aware that the public was able to view her remarks. Which of the following security-related trainings could have made Ann aware of the repercussions of her actions?

A. Data Labeling and disposal
B. Use of social networking
C. Use of P2P networking
D. Role-based training

Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q343

The use of social networking sites introduces the risk of:

A. Disclosure of proprietary information
B. Data classification issues
C. Data availability issues
D. Broken chain of custody

Correct Answer: A
Section: Compliance and Operational Security

Explanation:
People and processes must be in place to prevent the unauthorized disclosure of proprietary information and sensitive information, as these pose a security risk to companies. With social networking, your company can be exposed to as many threats as there are users who make use of social networking and are not advised on the security policy regarding its use.

Incorrect Answers:
B: Data classification refers to the categories that data can be divided into; of more concern when using social networking sites would be the disclosure of proprietary information.
C: Availability would not be the issue here, but rather the overexposure/over-availability of your data.
D: Chain of custody issues are part of basic forensic procedures.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 335, 409-410

CompTIA Security Plus Mock Test Q338

A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on which of the following?

A. Peer to Peer
B. Mobile devices
C. Social networking
D. Personally owned devices

Correct Answer: C
Section: Compliance and Operational Security

Explanation:
There are many companies that allow full use of social media in the workplace, believing that the marketing opportunities it holds outweigh any loss in productivity. What they are unknowingly minimizing are the threats that exist. Rather than being all new threats, the social networking/media threats tend to fall into the same categories as the old tricks used elsewhere, but in a new format. A tweet can be sent with a shortened URL so that it does not exceed the 140-character limit set by Twitter; unfortunately, the user has no idea what the shortened URL leads to. This makes training your employees regarding the risks social networking entails essential.

Incorrect Answers:
A: Peer-to-peer training is not going to mitigate the security risks of media designed for mass distribution, as social networking is.
B: Mobile devices are used to produce and send personal messages on a mass-distribution basis, as facilitated by Twitter, etc. These are social networking, and to mitigate the risks of this media your employees must be trained in the dangers that social networking poses. You cannot expect your employees to leave their cell phones, etc. somewhere else while they are at work.
D: Personally owned devices can lead to company information getting intermingled with personal information that employees can put at risk; they are not media that allow for mass distribution of personal comments.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 404, 406
http://whatis.techtarget.com/definition/social-media

CompTIA Security Plus Mock Test Q314

The method to provide end users of IT systems and applications with requirements related to acceptable use, privacy, new threats and trends, and use of social networking is:

A. Security awareness training.
B. BYOD security training.
C. Role-based security training.
D. Legal compliance training.

Correct Answer: A
Section: Compliance and Operational Security

Explanation:
Security awareness and training are critical to the success of a security effort. They include explaining policies, procedures, and current threats to both users and management.

Incorrect Answers:
B: BYOD security training is just one part of security awareness training and covers the possibility of a personal device that is infected with malware introducing that malware to the network.
C: Role-based security training is geared towards specific roles rather than all end users.
D: Legal compliance training would refer to keeping users up to date with new regulations and laws, not with threats, trends and the use of social networking.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 399-404

CompTIA Security Plus Mock Test Q25

Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete’s access to this site?

A. Internet content filter
B. Firewall
C. Proxy server
D. Protocol analyzer

Correct Answer: A
Section: Network Security

Explanation:
Web filtering software (an Internet content filter) is designed to restrict or control the content a reader is authorised to access, especially when utilised to restrict material delivered over the Internet via the Web, e-mail, or other means; it typically displays a block page like the one Pete sees.

Incorrect Answers:
B: The basic purpose of a firewall is to isolate one network from another.
C: A proxy server is a variation of an application firewall or circuit-level firewall, and is used as a middleman between clients and servers. Often a proxy serves as a barrier against external threats to internal clients.
D: The terms protocol analyzer and packet sniffer are interchangeable. They refer to the tools used in the process of monitoring the data that is transmitted across a network.

References:
http://en.wikipedia.org/wiki/Content-control_software
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 11, 96, 342