CompTIA Security+ (SY0-701) — Question 548

A company is concerned about employees unintentionally introducing malware into the network. The company identified fifty employees who clicked on a link embedded in an email sent by the internal IT department. Which of the following should the company implement to best improve its security posture?

Answer options

• A. Social engineering training
• B. SPF configuration
• C. Simulated phishing campaign
• D. Insider threat awareness

Correct answer: A

Explanation

Implementing social engineering training will educate employees about the risks associated with phishing and how to recognize suspicious emails, which directly addresses the issue of clicking on harmful links. While SPF configuration can help prevent email spoofing, it does not educate users. Simulated phishing campaigns can test awareness but are less effective without prior training. Insider threat awareness focuses on malicious insiders rather than accidental actions by employees.