
312-50V11 Question #810: Real Exam Question with Answer & Explanation

The correct answer is A: Warning to those who write password on a post it note and put it on his/her desk. When an active, observable security violation exists like passwords written on sticky notes, the most immediate first corrective step is to directly warn those individuals before rolling out broader programs.

Social Engineering

Question

Vlady works in a fishing company where the majority of the employees have very little understanding of IT, let alone IT security. Several information security issues that Vlady often found include employees sharing passwords, writing their passwords on post-it notes and sticking them to their desks, leaving their computers unlocked, not logging out of email or other social media accounts, and so on. After discussing this with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing Vlady wanted to do was to make the employees understand the importance of keeping confidential information, such as passwords, secret and not sharing it with other persons. Which of the following steps should be the first thing Vlady does to make the employees in his company understand the importance of keeping confidential information secret?

Options

  • A. Warning to those who write their password on a post-it note and put it on their desk
  • B. Developing a strict information security policy
  • C. Information security awareness training
  • D. Conducting a one-to-one discussion with the other employees about the importance of information

Explanation

When an active, observable security violation exists like passwords written on sticky notes, the most immediate first corrective step is to directly warn those individuals before rolling out broader programs.

Common mistakes

  • B. Developing a strict information security policy is a longer-term organizational effort requiring planning and approval, making it a downstream step rather than an immediate first response.
  • C. Information security awareness training requires scheduling, material preparation, and coordination, making it a subsequent step that builds on initial corrective actions already taken.
  • D. One-on-one discussions are time-consuming and less scalable than a direct warning, and are better used as a follow-up reinforcement tool after the initial corrective action.

Concept tested: Security awareness - immediate corrective action priority

Topics

#security awareness, #password policy, #human factor, #insider threat
