CompTIA Security+ (SY0-601) — Question 346

A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization’s email system. Which of the following would be best suited for this task?

Answer options

• A. Social media analysis
• B. Annual information security training
• C. Gamification
• D. Phishing campaign

Correct answer: D

Explanation

The correct answer is D, as a phishing campaign directly simulates email-based attacks, allowing users to practice identifying and responding to phishing attempts. Options A, B, and C do not provide hands-on experience with email threats, making them less effective for this specific goal.