CompTIA Security+ (SY0-401) — Question 33

Ann, a technician, received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email.
Which of the following type of training would prevent Ann and other employees from becoming victims to such attacks?

Answer options

• A. User Awareness
• B. Acceptable Use Policy
• C. Personal Identifiable Information
• D. Information Sharing

Correct answer: C

Explanation

The correct answer is C, as training on Personal Identifiable Information teaches employees about the importance of protecting their personal data and recognizing phishing attempts. While User Awareness training is also valuable, it may not focus specifically on the risks associated with personal information. Acceptable Use Policy and Information Sharing do not directly address the prevention of spear-phishing attacks.