CompTIA CASP+ (CAS-003) — Question 120
Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness?
Answer options
- A. Conduct a series of security training events with comprehensive tests at the end
- B. Hire an external company to provide an independent audit of the network security posture
- C. Review the social media of all employees to see how much proprietary information is shared
- D. Send an email from a corporate account, requesting users to log onto a website with their enterprise account
Correct answer: D
Explanation
The correct answer is D because sending a simulated phishing email mirrors a real-world threat and tests employees' current awareness of security risks through how they actually respond. Option A, while beneficial for training, does not directly assess current awareness. Option B focuses on network security rather than employee knowledge, and option C does not effectively measure awareness of security protocols.