Exam SY0-601 topic 1 question 628 discussion

"enhance the skill levels of the company's developers" only A explains it- B - basic understanding of a phishing email, not enhancing anything C - we are talking about "company's developers" so there is not a need for physical training here D - same as B and C

Correct

I am convinced by these explanations: capture-the-flag (CTF) competitions can be a suitable training option for enhancing the skill levels of a company's developers in cybersecurity. CTF competitions can help developers learn how to identify and exploit security vulnerabilities in various systems, applications, and networks, which is essential for building secure software. CTF challenges can be designed to simulate real-world scenarios and can test a variety of skills at any level, including cryptography, network analysis, reverse engineering, exploitation, web technologies, memory corruption, forensics, and open-source cyber intelligence. CTF competitions can also provide a well-rounded approach to enhancing developer skills in cybersecurity, as they can help developers learn how to secure their code and applications effectively. On the other hand, A phishing simulation is one set of learning while CTF is well rounded one.

I originally thought that developers wouldn't be doing a CTF competition, but then I realized that it says "enhancing the skills," and a phishing sim/exercise would not enhance "skills", per se. The only one that would really make sense is CTF.

I have a feeling this one should be B. A CTF competition would mainly be used by cybersecurity personnel I would think, not really for developers to worry about. "Capture the flag. When training security professionals, organizations sometimes add an incentive called a capture the flag (CTF) exercise. " -Security+ SY0-601 Guide to Network Security Seventh Edition by Mark Ciampa