After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?
A.
Evaluate tools that identify risky behavior and distribute reports on the findings.
B.
Send quarterly newsletters that explain the importance of password management.
C.
Develop phishing campaigns and notify the management team of any successes.
D.
Update policies and handbooks to ensure all employees are informed of the new procedures.
I feel like this is might be a wording one. Why would you be evaluating the tools and not evaluate using the tools? "A. Evaluate tools that identify risky behavior and distribute reports on the findings."
Also on one of CompTIAs articles in the protips section of phising, it says to use policies to inform users about policies and procedures, then states testing your users
https://www.comptia.org/content/articles/cybersecurity-awareness-training#:~:text=Proactive%20security%20awareness%20involves%20checking,the%20email%20for%20anything%20suspicious.
Answer D.
Sec+ Student Guide: Chapter "Cybersecurity Framework" in accordance with NIST Cyber Framework: The first step is "Identify—develop security policies and capabilities. Evaluate risks, threats, and vulnerabilities and recommend security controls to mitigate them."
Detection (A) is the third step.
That's also what happens in real life. When you start as a manager or as an auditor, you not start directly with implementing tools. You first read and adjust the existing policies and guidelines.
Good luck on the exam!
Start with C, Then Move to D.
1️⃣ First: Phishing simulations & hands-on training → Immediate impact & awareness.
2️⃣ Then: Update policies & handbooks → Reinforce expectations based on real observations
Wont A be focusing more on monitoring behavior, not raising awareness. Employees must first understand security best practices before assessing their behavior so D makes sense so that employees understand expectations, best practices, and consequences for security violations. security awareness
I think the keyword here is "step to take first", and following the nature of gathering information is always the first step, I believe that it is better to gather findings of risky behavior first, and then establish/update policies based on these findings.
I would say A here
The first step in increasing security awareness is to identify the root causes of security issues, such as poor password hygiene, phishing susceptibility, or risky user behavior.
Evaluating tools that monitor user behavior (e.g., login anomalies, credential reuse, and failed authentication attempts) helps the security manager understand where the biggest risks exist.
Distributing reports on these findings provides data-driven insights to employees and management, making security awareness efforts more impactful.
Why Not the Other Options?
B - Newsletters provide passive awareness, but they do not actively identify or address specific risky behaviors.
C - Phishing simulations are useful but focus only on phishing risks. A broader risk assessment is needed first.
D - Policies are necessary, but updating documents alone does not actively increase awareness or change behavior.
Correct Answer: A. Evaluate tools that identify risky behavior and distribute reports on the findings.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.SY0-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Zeez3377
3 weeks, 1 day agoKonversation
1 month, 1 week agoprabh1251
1 month, 3 weeks agoTurrtle
2 months, 2 weeks agojaylom
1 month, 2 weeks agotest_arrow
2 months, 3 weeks agoPjoterK
2 months, 3 weeks ago