SY0-301 Question #228: Real Exam Question with Answer & Explanation
The correct answer is B: To reduce organizational IT risk.
Question
Options
- A. To ensure proper use of social media
- B. To reduce organizational IT risk
- C. To detail business impact analyses
- D. To train staff on zero-days
Explanation
Security awareness and training programs primarily aim to reduce organizational IT risk by educating users to recognize and avoid threats such as phishing, social engineering, and unsafe computing practices. An informed workforce is one of the most effective layers of defense.
Common mistakes.
- A. Proper use of social media may be one topic covered in awareness training, but it is too narrow a scope to represent the primary and best reason for running an organizational training program.
- C. Business impact analysis (BIA) is a strategic planning process used to identify critical systems and quantify the effect of disruptions, not a topic delivered to general staff through awareness training.
- D. Zero-day vulnerabilities are unknown exploits with no existing patch or signature, making it impossible to train staff specifically on how to handle threats that have not yet been publicly disclosed.
Concept tested. Purpose of security awareness and training programs
Reference. https://csrc.nist.gov/publications/detail/sp/800-50/final