CompTIA
CAS-003 · Question #503
CAS-003 Question #503: Real Exam Question with Answer & Explanation
The correct answer is C: The number of unsuccessful phishing attacks.
Question
Company leadership believes employees are experiencing an increased number of cyber attacks; however, the metrics do not show this. Currently, the company uses "Number of successful phishing attacks" as a KRI, but it does not show an increase. Which of the following additional information should the Chief Information Security Officer (CISO) include in the report?
Options
- A. The ratio of phishing emails to non-phishing emails
- B. The number of phishing attacks per employee
- C. The number of unsuccessful phishing attacks
- D. The percent of successful phishing attacks
Explanation
The “Number of successful phishing attacks” alone does not mean a lot, since you must know how many phishing attacks are done. This way, IMHO “C. The number of unsuccessful phishing attacks” and “D. The percent of successful phishing attacks” would be correct. I would mark C, since it complements the KRI you already have.