Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam CAS-004 Topic 3 Question 59 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 59
Topic #: 3
[All CAS-004 Questions]

An organization performed a risk assessment and discovered that less than 50% of its employees have been completing security awareness training. Which of the following should the Chief Information Security Officer highlight as an area of Increased vulnerability in a report to the management team?

Show Suggested Answer Hide Answer
Suggested Answer: A

The Chief Information Security Officer (CISO) should highlight social engineering as an area of increased vulnerability due to the lack of completion of security awareness training by employees. Social engineering attacks exploit human behavior, and employees who are not adequately trained are more likely to fall victim to phishing, pretexting, and other types of social engineering tactics. Increasing awareness and training helps employees recognize and respond appropriately to these threats.


CompTIA CASP+ CAS-004 Exam Objectives: Section 4.3: Understand how to conduct risk management activities.

CompTIA CASP+ Study Guide, Chapter 9: Risk Management and Incident Response.

by Taryn at Sep 10, 2024, 09:18 PM

Limited Time Offer

25%

Off

Get Premium CAS-004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Chauncey
10 months ago
I see your point, Anglea. APT targeting is indeed a serious threat, especially if employees are not trained to recognize and respond to it.
upvoted 0 times
...
Anglea
10 months ago
But what about APT targeting? That could also pose a significant risk if employees are not aware of security measures.
upvoted 0 times
...
Tracey
10 months ago
I agree with Isadora, social engineering can be a major threat if employees are not trained properly.
upvoted 0 times
...
Ira
10 months ago
APT targeting, no doubt. Those advanced persistent threats are probably salivating at the thought of cracking into our systems. We might as well roll out the red carpet for them.
upvoted 0 times
...
Leslie
10 months ago
Third-party compromise, for sure. With all those untrained employees, I bet our vendors and partners are just waiting to get their grubby hands on our data. Time to start vetting everyone's grandma!
upvoted 0 times
Lenna
9 months ago
C) APT targeting
upvoted 0 times
...
Von
9 months ago
B) Third-party compromise
upvoted 0 times
...
Gail
10 months ago
A) Social engineering
upvoted 0 times
...
...
Ilene
10 months ago
Haha, I bet the CISO is going to have a field day with this one. 'Hey boss, turns out the team is as security-savvy as a bunch of kindergarteners. Shall we start building a moat around the office?'
upvoted 0 times
...
Zachary
10 months ago
Social engineering, definitely! Humans are the weakest link in any security chain, and with less than 50% of employees trained, we're prime targets for some slick con artists.
upvoted 0 times
Laura
9 months ago
D) Pivoting
upvoted 0 times
...
Patrick
9 months ago
C) APT targeting
upvoted 0 times
...
Verona
10 months ago
B) Third-party compromise
upvoted 0 times
...
Daron
10 months ago
A) Social engineering
upvoted 0 times
...
...
Isadora
10 months ago
I think the Chief Information Security Officer should highlight social engineering as an area of increased vulnerability.
upvoted 0 times
...

Save Cancel