CompTIA Security+ (SY0-701) — Question 545

After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?

Answer options

• A. Evaluate tools that identify risky behavior and distribute reports on the findings.
• B. Send quarterly newsletters that explain the importance of password management.
• C. Develop phishing campaigns and notify the management team of any successes.
• D. Update policies and handbooks to ensure all employees are informed of the new procedures.

Correct answer: D

Explanation

The correct answer is D because updating policies and handbooks ensures that all employees are aware of the new security procedures, which is crucial for building a foundation of security awareness. The other options, while beneficial, are secondary to establishing clear and updated guidelines that every employee must follow.