Certified Information Systems Security Professional (CISSP) — Question 253

A new employee formally reported suspicious behavior to the organization security team. The report claims that someone not affiliated with the organization was inquiring about the member's work location, length of employment, and building access controls. The employee's reporting is MOST likely the result of which of the following?

Answer options

• A. Security engineering
• B. Security awareness
• C. Phishing
• D. Risk avoidance

Correct answer: B

Explanation

The correct answer is B, as the employee's awareness of suspicious inquiries indicates a level of understanding regarding security risks. Options A, C, and D do not directly relate to the employee's decision to report the behavior, as security engineering and risk avoidance focus more on preventative measures rather than awareness of threats, and phishing specifically refers to deceptive communication rather than inquiries.