CompTIA CySA+ (CS0-001) — Question 125
After reading about data breaches at a competing company, senior leaders in an organization have grown increasingly concerned about social engineering attacks. They want to increase awareness among staff regarding this threat, but do not want to use traditional training methods because they regard these methods as ineffective. Which of the following approaches would BEST meet the requirements?
Answer options
- A. Classroom training on the dangers of social media followed by a test and gift certificates for any employee getting a perfect score
- B. Simulated phishing emails asking employees to reply to the email with their updated phone number and office location
- C. A poster contest to raise awareness of PII and asking employees to provide examples of data breaches and consequences
- D. USB drives randomly placed inside and outside the organization that contain a pop-up warning to any users who plug the drive into their computer
Correct answer: A
Explanation
Option A is correct because it combines education with an incentive, making the training engaging and likely to improve retention of information. The other options, while creative, do not provide a comprehensive learning experience; B may lead to distrust, C is less structured and may not effectively convey critical information, and D could pose security risks without providing adequate training.