CompTIA CASP+ (CAS-003) — Question 290

The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues.
Which of the following is the MOST important information to reference in the letter?

Answer options

• A. After-action reports from prior incidents.
• B. Social engineering techniques
• C. Company policies and employee NDAs
• D. Data classification processes

Correct answer: C

Explanation

The most critical information to include is company policies and employee NDAs, as they provide guidelines on confidentiality and the handling of sensitive information. While after-action reports, social engineering techniques, and data classification processes are important, they do not directly address the immediate privacy and operational security concerns relevant to participants in the campaign.