Human Resources (HR) would like executives to undergo only two specific security training programs a
year. Which of the following provides the BEST level of security training for the executives? (Select TWO).

A. Acceptable use of social media
B. Data handling and disposal
C. Zero day exploits and viruses
D. Phishing threats and attacks
E. Clean desk and BYOD
F. Information security awareness

Explanation:
Managers, i.e. executives in the company, are concerned with more global issues in the organization,
including enforcing security policies and procedures. Managers should receive additional training or
exposure that explains the issues, threats, and methods of dealing with threats. Management will also be
concerned about productivity impacts and enforcement and how the various departments are affected
by security policies.
Phishing is a form of social engineering in which you ask someone for a piece of information that you are
missing by making it look as if it is a legitimate request. An email might look as if it is from a bank and
contain some basic information, such as the user’s name. Executives can easily fall prey to phishing if they
are not trained to look out for these attacks.
Incorrect Answers:
A: Acceptable use policies regarding how social media can be used within the organization are geared
mainly at the employees, to make them aware that attackers can solicit information/data from the
company over instant messaging (IM), which is social media, as easily as they can over email, and this can
occur in Facebook, MySpace, or anywhere else that IM is possible.
B: Data handling and disposal refers to giving access to data to those users that need to access it and no
more.
C: A zero-day exploit occurs when a vulnerability/hole is found in a web browser or other software by
attackers and exploited immediately. The executives of a company are unlikely to be handling this type of
attack.
E: Clean desk and BYOD policy training is best aimed at employees, to encourage them to
maintain clean desks and to leave out only those papers that are relevant to the project they are working
on at that moment. All sensitive information should be put away when the employee is away from their
desk.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 338, 400