Exam CISSP topic 1 question 245 discussion

Phishing is clearly there. Would that itself result the reporting? NO Security awareness of the user has resulted it being reported. New employee part can also be tricky but companies let new employees to get security awareness training on their onboarding process. This is another little indicator for it.

Poorly worded question, what happened was a phish the reason he reported it was his security awareness. Still undecided on which one is correct.

Because phishing has taken place. Without attempt to phish, security awareness would have not result in report.

The employee's reporting is most likely the result of security awareness. The employee recognized the suspicious behavior and knew to report it to the organization security team. This shows that the employee had been trained to be aware of security risks and to report them promptly.

Security awareness is a program that provides education and training to employees and other individuals within an organization to increase their understanding of security risks and to help them identify and respond to potential security threats. By providing training and education on security awareness, organizations can increase the likelihood that employees will identify and report potential security threats, such as the suspicious behavior described in the scenario.

his report indicate he has high level of security awareness.

Phishing alone does not equal a higher reporting likelihood. Phishing + Security Awareness does.

Sounds like the new guy been paying attention during that awareness training.

The answer is B. The employee reported this issue because of their level of security awareness.

B is the answer

The correct answer is B without a doubt.

Also agree with B

Agree with B

I agree with B.

I think this is B, the employee is reporting the phising attempt due to security awareness training