CompTIA
SY0-301 Question #440: Real Exam Question with Answer & Explanation
The correct answer is A: Information Security Awareness. Information Security Awareness training directly addresses the human vector exploited in social engineering attacks by teaching employees to recognize and resist manipulation tactics.
Question
After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?
Options
- A. Information Security Awareness
- B. Social Media and BYOD
- C. Data Handling and Disposal
- D. Acceptable Use of IT Systems
Explanation
Information Security Awareness training directly addresses the human vector exploited in social engineering attacks by teaching employees to recognize and resist manipulation tactics.
Common mistakes.
- B. Social Media and BYOD training addresses risks related to personal devices and social media usage, which is not directly relevant to phone-based social engineering attacks on customer data.
- C. Data Handling and Disposal training covers proper management of physical and digital data assets, not the recognition and resistance of social engineering manipulation by phone.
- D. Acceptable Use of IT Systems training defines proper use of company technology resources and does not address the human behavioral factors exploited in social engineering phone attacks.
Concept tested. Security awareness training to counter social engineering
Reference. https://learn.microsoft.com/en-us/security/operations/incident-response-playbook-phishing