Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CompTIA Exam CAS-004 Topic 3 Question 59 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 59
Topic #: 3
[All CAS-004 Questions]

An organization performed a risk assessment and discovered that less than 50% of its employees have been completing security awareness training. Which of the following should the Chief Information Security Officer highlight as an area of Increased vulnerability in a report to the management team?

Show Suggested Answer Hide Answer
Suggested Answer: A

The Chief Information Security Officer (CISO) should highlight social engineering as an area of increased vulnerability due to the lack of completion of security awareness training by employees. Social engineering attacks exploit human behavior, and employees who are not adequately trained are more likely to fall victim to phishing, pretexting, and other types of social engineering tactics. Increasing awareness and training helps employees recognize and respond appropriately to these threats.


CompTIA CASP+ CAS-004 Exam Objectives: Section 4.3: Understand how to conduct risk management activities.

CompTIA CASP+ Study Guide, Chapter 9: Risk Management and Incident Response.

by Taryn at Sep 10, 2024, 09:18 PM

Limited Time Offer

25%

Off

Get Premium CAS-004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Chauncey
2 months ago
I see your point, Anglea. APT targeting is indeed a serious threat, especially if employees are not trained to recognize and respond to it.
upvoted 0 times
...
Anglea
2 months ago
But what about APT targeting? That could also pose a significant risk if employees are not aware of security measures.
upvoted 0 times
...
Tracey
3 months ago
I agree with Isadora, social engineering can be a major threat if employees are not trained properly.
upvoted 0 times
...
Ira
3 months ago
APT targeting, no doubt. Those advanced persistent threats are probably salivating at the thought of cracking into our systems. We might as well roll out the red carpet for them.
upvoted 0 times
...
Leslie
3 months ago
Third-party compromise, for sure. With all those untrained employees, I bet our vendors and partners are just waiting to get their grubby hands on our data. Time to start vetting everyone's grandma!
upvoted 0 times
Lenna
2 months ago
C) APT targeting
upvoted 0 times
...
Von
2 months ago
B) Third-party compromise
upvoted 0 times
...
Gail
2 months ago
A) Social engineering
upvoted 0 times
...
...
Ilene
3 months ago
Haha, I bet the CISO is going to have a field day with this one. 'Hey boss, turns out the team is as security-savvy as a bunch of kindergarteners. Shall we start building a moat around the office?'
upvoted 0 times
...
Zachary
3 months ago
Social engineering, definitely! Humans are the weakest link in any security chain, and with less than 50% of employees trained, we're prime targets for some slick con artists.
upvoted 0 times
Laura
2 months ago
D) Pivoting
upvoted 0 times
...
Patrick
2 months ago
C) APT targeting
upvoted 0 times
...
Verona
2 months ago
B) Third-party compromise
upvoted 0 times
...
Daron
2 months ago
A) Social engineering
upvoted 0 times
...
...
Isadora
3 months ago
I think the Chief Information Security Officer should highlight social engineering as an area of increased vulnerability.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77