User training | Exam Premium

CompTIA Security+ Question L-57

After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?

A. Information Security Awareness
B. Social Media and BYOD
C. Data Handling and Disposal
D. Acceptable Use of IT Systems

Answer: A

Explanation:
Education and training with regard to Information Security Awareness will reduce the risk of data leaks and as such forms an integral part of Security Awareness. By employing social engineering data can be leaked by employees and only when company users are made aware of the methods of social engineering via Information Security Awareness Training, you can reduce the risk of data leaks.

CompTIA Security+ Question K-74

Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?

A. Installing anti-malware
B. Implementing an IDS
C. Taking a baseline configuration
D. Disabling unnecessary services

Answer: D

Explanation:
Preventive controls are to stop something from happening. These can include locked doors that keep intruders out, user training on potential harm (to keep them vigilant and alert), or even biometric devices and guards that deny access until authentication has occurred. By disabling all unnecessary services you would be reducing the attack surface because then there is less opportunity for risk incidents to happen. There are many risks with having many services enabled since a service can provide an attack vector that someone could exploit against your system. It is thus best practice to enable only those services that are absolutely required.

CompTIA Security+ Question H-89

Which of the following can be performed when an element of the company policy cannot be enforced by technical means?

A. Develop a set of standards
B. Separation of duties
C. Develop a privacy policy
D. User training

Answer: D

Explanation:
User training is an important aspect of maintaining safety and security. It helps improve users’ security awareness in terms of prevention, enforcement, and threats. It is of critical importance when element of the company policy cannot be enforced by technical means.

CompTIA Security+ Question C-87

Users in the HR department were recently informed that they need to implement a user training and awareness program which is tailored to their department. Which of the following types of training would be the MOST appropriate for this department?

A. Handing PII
B. Risk mitigation
C. Input validation
D. Hashing

Answer: A

CompTIA A+ Core 2 Question J-20

Which of the following security threats is BEST mitigated through proper user training?

A. A Worm
B. Rootkits
C. Social Engineering
D. Browser Adware

Correct Answer: C

Explanation:
http://www.veracode.com/blog/2013/03/hacking-the-mind-how-why-social-engineering-works/

CompTIA A+ Core 2 Question B-88

A technician must secure company documents from accidental disclosure. Which of the following should be implemented? (Select TWO).

A. User training
B. Anti-malware
C. Paper shredding
D. Time of day restrictions
E. Employee badges
F. Mantraps

Correct Answer: AC

Explanation:
http://en.wikipedia.org/wiki/Paper_shredder

CompTIA A+ Question J-42

Which of the following security threats are MOST likely prevented through user training?

A. Network Intrusion
B. Adware Popups
C. Social Engineering
D. Spam Messages

Correct Answer: C

CompTIA A+ Question B-80

A new security flaw and fix has been published about a laptop’s OS. Which of the following can be implemented to prevent exploitation?

A. Enable screen lock
B. Patching policy
C. User training
D. Enable hard drive encryption

Correct Answer: B

Explanation:
http://www.computerweekly.com/feature/Microsoft-patch-management-policy