Sara, an employee, tethers her smartphone to her work PC to bypass the corporate web security gateway
while connected to the LAN. While Sara is out at lunch her PC is compromised via the tethered
connection and corporate data is stolen. Which of the following would BEST prevent this from occurring
again?

A.
Disable the wireless access and implement strict router ACLs.

B.
Reduce restrictions on the corporate web security gateway.

C.
Security policy and threat awareness training.

D.
Perform user rights and permissions reviews.

Explanation:
BYOD (In this case Sara’s smart phone) involves the possibility of a personal device that is infected with
malware introducing that malware to the network and security awareness training will address the issue
of the company’s security policy with regard to BYOD.Incorrect Answers:
A: Disabling wireless access and implementing strict router ACL’s will hamper the day-to-day operations
of the company and disabling these ‘punishes all users’ and not just Sara who was responsible for the
data theft that occurred. It would be best to provide training to all users regarding BYOD.
B: Reducing restrictions on the corporate web security gateway will leave the company data more
vulnerable.
D: User rights and permissions reviews will not prevent data theft since Sara still requires permissions to
perform her duties.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 399-404, 401