CISSP · Question #1068
Which of the following is an indicator that a company's new user security awareness training module has been effective?
The correct answer is B. More incidents of phishing attempts are being reported.. The question asks for an indicator that security awareness training has been effective. An increase in reported phishing attempts signifies improved user awareness and vigilance, a direct result of effective training.
Question
Which of the following is an indicator that a company's new user security awareness training module has been effective?
Options
- AThere are more secure connections to the internal database servers.
- BMore incidents of phishing attempts are being reported.
- CThere are more secure connections to internal e-mail servers.
- DFewer incidents of phishing attempts are being reported.
How the community answered
(20 responses)- A5% (1)
- B85% (17)
- D10% (2)
Why each option
The question asks for an indicator that security awareness training has been effective. An increase in reported phishing attempts signifies improved user awareness and vigilance, a direct result of effective training.
The number of secure connections to internal database servers is a technical configuration concern (e.g., use of TLS/SSL), not directly reflective of user awareness in identifying and reporting security threats.
Effective security awareness training aims to educate users on how to identify various attack vectors, such as phishing attempts. An increase in reported phishing incidents indicates that users are better equipped to recognize and actively report these threats, demonstrating improved vigilance and a successful outcome of the training.
Similar to database servers, secure connections to internal e-mail servers relate to infrastructure security settings rather than user-level threat detection and reporting skills developed through training.
Fewer reported incidents of phishing attempts could imply users are failing to identify these attempts, which would indicate a *failure* of the training to improve user detection and reporting capabilities.
Concept tested: Measuring security awareness training effectiveness
Source: https://learn.microsoft.com/en-us/microsoft-365/compliance/measure-and-report-on-security-awareness-training-results
Topics
Community Discussion
No community discussion yet for this question.