CISSP · Question #1267
A new employee formally reported suspicious behavior to the organization security team. The report claims that someone not affiliated with the organization was inquiring about the member's work locati
The correct answer is C. security awareness. Security awareness is the knowledge and understanding of security threats, risks, and best practices that enable users to protect themselves and the organization from cyberattacks. Security awareness training is a program that educates users on how to recognize and respond to var
Question
A new employee formally reported suspicious behavior to the organization security team. The report claims that someone not affiliated with the organization was inquiring about the member's work location, length of employment, and building access controls. The employee's reporting is MOST likely the result of which of the following?
Options
- ARisk avoidance
- BSecurity engineering
- Csecurity awareness
- DPhishing
How the community answered
(31 responses)- B3% (1)
- C90% (28)
- D6% (2)
Explanation
Security awareness is the knowledge and understanding of security threats, risks, and best practices that enable users to protect themselves and the organization from cyberattacks. Security awareness training is a program that educates users on how to recognize and respond to various types of security incidents, such as phishing, social engineering, malware, ransomware, etc. The employee's reporting of the suspicious behavior is most likely the result of security awareness training, as it shows that the employee was able to identify a potential social engineering attempt and report it to the security team. Risk avoidance is a strategy that involves avoiding or eliminating activities or assets that pose a high level of risk to the organization. Risk avoidance does not explain the employee's reporting of the suspicious behavior, as it is not related to the incident. Security engineering is the application of engineering principles and practices to design and implement secure systems and processes. Security engineering does not explain the employee's reporting of the suspicious behavior, as it is not related to the incident. Phishing is a type of social engineering attack that uses fraudulent emails or websites to trick users into revealing sensitive information or installing malware. Phishing is not the result of the employee's reporting, but rather the possible motive of the suspicious behavior.
Topics
Community Discussion
No community discussion yet for this question.