Certified Information Systems Security Professional (CISSP) — Question 429

Which of the following is an indicator that a company's new user security awareness training module has been effective?

Answer options

• A. There are more secure connections to internal e-mail servers.
• B. More incidents of phishing attempts are being reported.
• C. Fewer incidents of phishing attempts are being reported.
• D. There are more secure connections to the internal database servers.

Correct answer: B

Explanation

The correct answer is B because an effective training module should lead users to recognize and report phishing attempts rather than fall victim to them. Options A and D do not directly reflect user awareness, while C would indicate a lack of awareness if fewer incidents are reported.