Exam CAS-003 topic 1 question 280 discussion

Actual exam question from CompTIA's CAS-003
Question #: 280
Topic #: 1

Company leadership believes employees are experiencing an increased number of cyber attacks; however, the metrics do not show this. Currently, the company uses `Number of successful phishing attacks` as a KRI, but it does not show an increase.
Which of the following additional information should the Chief Information Security Officer (CISO) include in the report?

  • A. The ratio of phishing emails to non-phishing emails
  • B. The number of phishing attacks per employee
  • C. The number of unsuccessful phishing attacks
  • D. The percent of successful phishing attacks
Suggested Answer: C

Comments

theguru
3 years, 7 months ago
C would complement what they already have, which is the `Number of successful phishing attacks`. Also, including "The number of unsuccessful phishing attacks" can easily allow them to get:
  • The ratio of phishing emails to non-phishing emails
  • The number of phishing attacks per employee
  • The percent of successful phishing attacks
upvoted 1 times
noto21
4 years ago
If this were an exam question I would have chosen A. Firstly, all CISOs are ratio and percentage driven. Second, the ratio of phishing to non-phishing would show an increasing threat profile. This would be a good KRI. Then, from the phishing ratio, we can get the number of successful phishing attacks. Not sure if this is right or wrong, but I'd choose that.
upvoted 1 times
Trap_D0_r
4 years, 4 months ago
I agree the answer is C. If you're looking at N successful attacks, that doesn't give you the total number of attacks. The information needs to be supplemented with the number of net attacks, just not the attacks that are successful. Including the number of successful attacks and then the percentage of successful attacks would also be confusing to report readers, because they would see a decreasing percentage as the total volume of attacks went up and may not understand the correlation.
upvoted 4 times
TheThreatGuy
4 years, 4 months ago
I agree that D is correct, but so is C. If the # of successful phishing attacks is already being presented, and we add the number of unsuccessful attacks, we have the same information as the percentage...
upvoted 1 times
D1960
4 years, 3 months ago
The question specifically states: "Which of the following **additional** information . . ."
upvoted 1 times
D1960
4 years, 3 months ago
They are trying to find out if there has been "an increased number of cyber attacks." The "percent of successful phishing attacks" would not really tell you that. If the number of successful attacks went up from 11% to 14%, that would not tell you if there were more total attacks.
upvoted 1 times
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other