exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam

Exam CISSP topic 1 question 107 discussion

Actual exam question from ISC's CISSP
Question #: 107
Topic #: 1
[All CISSP Questions]

Which of the following is an indicator that a company's new user security awareness training module has been effective?

  • A. There are more secure connections to internal e-mail servers.
  • B. More incidents of phishing attempts are being reported.
  • C. Fewer incidents of phishing attempts are being reported.
  • D. There are more secure connections to the internal database servers.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Cww1
Highly Voted 2 years, 3 months ago
Its B not C
upvoted 16 times
jackdryan
1 year, 7 months ago
B is correct
upvoted 1 times
...
DERCHEF2009
2 years, 3 months ago
Agree with B
upvoted 1 times
dev46
2 years, 3 months ago
Tricky options B & C - I ended up choosing C, but B is right The whole idea of awareness training is to change user behaviour. When more incidents are reported, it's a good indicator that users are security aware and taking the right action
upvoted 9 times
...
...
...
Ramye
Most Recent 6 months ago
Selected Answer: B
You have to wonder who/how ExamTopics answering these questions! It appears they didn’t even do simple research for providing answers.
upvoted 2 times
deeden
4 months, 3 weeks ago
I think most answers are purposely incorrect in order to inspire collaboration. :)
upvoted 1 times
...
...
nelombg
9 months, 2 weeks ago
It's a tricky QUESTION, but the answer is B.
upvoted 1 times
...
YesPlease
1 year ago
Selected Answer: B
Answer B) More... If users are more aware, then they should be reporting MORE instances of phishing attempts.
upvoted 2 times
...
Soleandheel
1 year ago
C. Fewer incidents of phishing attempts are being reported. For those selecting B, you are mistaken. I understand your logic, you're thinking that employees will report more phishing attemps when they are more away but your approach of looking at it is flawed. When an awareness program is effective, employees will have fewer security incidents. There is a difference between a security event and a security incident. An incident usually means that the phishing event was successful and as such an incident that needs to be contained or mitigated. C. is the correct answer because fewer incidents will be reported because the phishing attempt events will not be successful to become incidents. I hope this makes sense to you. You have to be able to distinguish between a phishing event and a phishing incident. There is a difference between an event and an incident. Not all security events are incidents.
upvoted 4 times
YesPlease
1 year ago
I would agree with you if the word "ATTEMPT" was not in the answers provided. Just getting a phishing email is considered an incident, but not a bad one if the attempt failed to get the user to click on the email content and it was reported instead.
upvoted 1 times
...
...
homeysl
1 year, 2 months ago
Selected Answer: B
B. This is the goal of phishing awareness program.
upvoted 2 times
...
Socca
1 year, 2 months ago
B is correct The objective of awareness training is to change user behavior and if the number of phising incident that have reported is increased means that the awareness program has succeeded
upvoted 1 times
...
LalithW
1 year, 2 months ago
Here most of the people have misunderstood the word Incident and have voted for C. According to NIST, an Incident is An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. Simply, a security incident is an event that may indicate that an organization's systems or data have been compromised. So fewer incidents of phishing attempts are being reported means that the awareness training are success.
upvoted 2 times
Soleandheel
1 year ago
You are right! Which means the correct answer is C. not B. ........C. Fewer incidents of phishing attempts are being reported. "People have misunderstood the word incident and have voted for B".
upvoted 1 times
...
...
georgegeorge125487
1 year, 4 months ago
Selected Answer: B
More aware means being able to identify and report.
upvoted 2 times
...
akinmoyeroolu
1 year, 4 months ago
C. Fewer incidents of phishing attempts are being reported. An effective security awareness training module should lead to a decrease in successful phishing attempts, as users become more vigilant and cautious about identifying and reporting phishing attempts.
upvoted 1 times
...
MShaaban
1 year, 4 months ago
I go with B. After users awareness they are to be more vigilant and report more incidents. Whether those incidents are true or not it is a different story, but the fact they are more suspicious and they would report more incidents.
upvoted 1 times
...
benllp_sst
1 year, 4 months ago
Selected Answer: C
The incident is the keywords. Fewer incident means successful phishing reduced.
upvoted 1 times
benllp_sst
1 year, 4 months ago
B is correct, mixed up "incident" and "accident"
upvoted 1 times
...
...
Bach1968
1 year, 5 months ago
Selected Answer: C
C. Fewer incidents of phishing attempts are being reported.
upvoted 1 times
ap0ls
9 months ago
Agree with this logic
upvoted 1 times
...
...
HughJassole
1 year, 6 months ago
Sure seems like B. I get these phishing emails at work and click on "report phishing". Although, I now just ignore them since it's obvious to me this is phishing. My employer doesn't care though, but others take the report very seriously and can terminate you if you ignore. So this question actually has both B and C as answers, depending on the situation.
upvoted 1 times
...
dmo_d
1 year, 7 months ago
C is correct. It's all about wording. "fishing attempts" leads us to answer B. But the scenario does not state if these attempts were successful or not. The word "incident" is the key. An incident indicates that the security event "fishing attempt" already had an negative effect on the organization - the fishing attempt was successful. This is why a successful awareness campaign should lead to FEWER incidents.
upvoted 3 times
dumdada
1 year, 6 months ago
You missed it. More are being REPORTED which means users now recognize phishing attempts and report them, which means the training was good. It's B.
upvoted 1 times
...
...
csco10320953
1 year, 9 months ago
It would be C ,Since ,it is effective result
upvoted 1 times
...
Dee83
1 year, 11 months ago
C. Correct answer Fewer incidents of phishing attempts are being reported is an indicator that a company's new user security awareness training module has been effective. This suggests that the employees are becoming more aware of phishing attempts and are therefore less likely to fall for them.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago