CompTIA PenTest+ (PT1-002) — Question 53

A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?

Answer options

• A. Implement a recurring cybersecurity awareness education program for all users.
• B. Implement multifactor authentication on all corporate applications.
• C. Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy.
• D. Implement an email security gateway to block spam and malware from email communications.

Correct answer: A

Explanation

The correct answer is A, as implementing a recurring cybersecurity awareness education program will help employees recognize phishing attempts and avoid falling victim to similar attacks in the future. While B, C, and D provide additional security layers, they do not directly address the issue of employee awareness and training, which is crucial in preventing such incidents.