Exam CISSP topic 1 question 80 discussion

Yep "B"

Obviously B

my AI told me that B is correct, and I'm convinced. I chose D previously, and now I felt foolish.

which one is vague ohh i mean which one encompasses the other and that's it!!!!! B. for me

The correct answer is option B: Internal assessment of the training program's effectiveness. To determine the measure of success of a security awareness training program designed to prevent social engineering attacks, conducting an internal assessment of the program's effectiveness is essential. This assessment involves evaluating the program's impact on employees' knowledge, behavior, and ability to recognize and respond to social engineering attacks. It helps determine whether the training program is achieving its intended objectives and identifies areas for improvement.

B sounds ambiguous to me since it's not stating any kind of KPI to determine the program success. According to the Official Study Guide 9th edition pag 100 " In some circumstances, a quiz or test can be administered to workers inmediately after training session. A follow up quiz should be performed three to six months later to see if they retain the information..."

Training evaluation is important for a variety of reasons. It can help identify areas where training is needed, assess the effectiveness of training, and determine whether training is having the desired impact. Training evaluation can also help improve the quality of future training programs.

How will you measure internal effectiveness??

What the assessment will do? ! Every training awareness should include test at the end to evaluate every candidate how well they benefit of the training. This way you can partially measure the effectiveness of the training. The other part is related to how these trained staff react to social engineering attacks.

I'll go with B on this one.