CompTIA Security+ Question K-8

Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?

A. To ensure proper use of social media
B. To reduce organizational IT risk
C. To detail business impact analyses
D. To train staff on zero-days

Answer: B

Explanation:
Ideally, a security awareness training program for the entire organization should cover the following areas: Importance of security Responsibilities of people in the organization Policies and procedures Usage policies Account and password-selection criteria Social engineering prevention

You can accomplish this training either by using internal staff or by hiring outside trainers. This type of training will significantly reduce the organizational IT risk.

CompTIA Security+ Question J-74

After a recent security breach, the network administrator has been tasked to update and backup all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies?

A. Change management
B. Implementing policies to prevent data loss
C. User rights and permissions review
D. Lessons learned

Answer: D

Explanation:
Incident response procedures involves: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. Described in the question is a situation where a security breach had occurred and its response which shows that lessons have been learned and used to put in place measures that will prevent any future security breaches of the same kind.

CompTIA Security+ Question F-95

End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer:

A. Date of birth.
B. First and last name.
C. Phone number.
D. Employer name.

Answer: A

Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Date of birth is personally identifiable information.

CompTIA Security+ Question B-72

Ann a technician received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following type of training would prevent Ann and other employees from becoming victims to such attacks?

A. User Awareness
B. Acceptable Use Policy
C. Personal Identifiable Information
D. Information Sharing

Answer: C

Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Employees should be made aware of this type of attack by means of training.

CompTIA Network+ Question A-54

A company has added several new employees, which has caused the network traffic to increase by 200%. The network traffic increase from the new employees was only expected to be 20% to 30%. The administration suspects that the network may have been compromised. Which of the following should the network administrator have done previously to minimize the possibility of a network breach?

A. Create VLANs to segment the network traffic
B. Place a network sniffer on segments with new employees
C. Provide end user awareness and training for employees
D. Ensure best practices were implemented when creating new user accounts

Correct Answer: C