CompTIA CASP+ (CAS-003) — Question 336
A company has experienced negative publicity associated with users giving out their credentials accidentally or sharing intellectual secrets that were not properly defined. The company recently implemented some new policies and is now testing their effectiveness. Over the last three months, the number of phishing victims dropped from 100 to only two in the last test. The DLP solution that was implemented catches potential material leaks, and the user responsible is retrained.
Personal email accounts and USB drives are restricted from the corporate network. Given the improvements, which of the following would a security engineer identify as being needed in a gap analysis?
Answer options
- A. Additional corporate-wide training on phishing
- B. A policy outlining what is and is not acceptable on social media
- C. Notifications when a user falls victim to a phishing attack
- D. Positive DLP preventions with stronger enforcement
Correct answer: B
Explanation
The correct answer is B because a clear policy on social media conduct can help prevent users from unintentionally sharing sensitive information, which remains a potential risk. While training on phishing (A) is beneficial, it does not address the specific social media risks. Notifications for phishing victims (C) may help in awareness but do not prevent incidents, and stronger DLP enforcement (D) might not be necessary if users are still sharing information on social platforms.