312-50V13 Question #205: Real Exam Question with Answer & Explanation

The correct answer is C: Information security awareness training.

Submitted by ashley.k · Mar 6, 2026 · Social Engineering

Question

Vlady works in a fishing company where the majority of the employees have very little understanding of IT, let alone IT security. The information security issues that Vlady often finds include employees sharing passwords, writing their passwords on a Post-it note and sticking it to their desks, leaving computers unlocked, not logging out of email or other social media accounts, etc. After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as passwords, a secret and that they should not share it with other people. Which of the following steps should be the first thing that Vlady does to make the employees in his company understand the importance of keeping confidential information a secret?

Options

  • A. Warning to those who write password on a post it note and put it on his/her desk
  • B. Developing a strict information security policy
  • C. Information security awareness training
  • D. Conducting a one to one discussion with the other employees about the importance of information

Explanation

Information security awareness training (C) is the correct first step because it provides a structured, scalable approach to educating all employees simultaneously about the importance of protecting confidential information like passwords - addressing the root cause of the problem, which is a lack of knowledge and security culture.

Why the distractors are wrong:

  • A (Warning post-it note writers) is reactive and targets only one specific behaviour, rather than proactively building broad understanding across the workforce.
  • B (Developing a strict security policy) is important but should come after or alongside training - a policy is ineffective if employees don't first understand why security matters, especially in a low-IT-literacy environment.
  • D (One-to-one discussions) is impractical and inefficient for an entire company, and lacks the consistency and structure needed to deliver a uniform security message.

Memory Tip: Think "Educate before you Enforce" - before warnings, policies, or individual conversations can be meaningful, employees need foundational awareness. Training builds the understanding; everything else reinforces it. When a question asks about the first step to make employees understand something, training is almost always the answer.

Topics

#Information Security Awareness #Security Training #Human Factor Security #Security Best Practices
