CAS-003 Question #969: Real Exam Question with Answer & Explanation

The correct answer is C: Change the credentials harvested column to a percentage and introduce industry benchmarks for.

Question

A company has launched a phishing awareness campaign that includes serving customized phishing emails to employees. Employees are encouraged to report all phishing attempts and/or delete the emails without clicking on them. The first phishing email asks employees to click on a link that takes them to a website where they are asked to enter their credentials. The management team wants metrics to determine the email's effectiveness. Following is the initial report: The management team wants to know how these results compare to those of other companies. They also want to improve the consistency of how the information is displayed. Which of the following changes should be made to this report?

Exhibit

CAS-003 question #969 exhibit

Options

  • A. Stop reporting department-level data and instead report for the company as a whole so as not to
  • B. Color-code the data represented in the columns, with green being the best results in the company
  • C. Change the credentials harvested column to a percentage and introduce industry benchmarks for
  • D. Add a column showing which passwords were harvested to pen out bad practices in password

Explanation

Management has two stated needs: compare results to other companies, and improve display consistency. Converting the 'credentials harvested' column from a raw count to a percentage normalizes the data so organizations of different sizes can be meaningfully compared (consistency), and adding industry benchmark percentages provides the external comparison point management wants. Stopping department-level reporting (A) reduces useful granularity without addressing benchmarking. Color-coding (B) improves readability slightly but adds no benchmarking capability. Listing the actual harvested passwords (D) is a security and privacy risk and serves no legitimate metrics purpose for this report.
