New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA SY0-701 Exam - Topic 5 Question 16 Discussion

Actual exam question for CompTIA's SY0-701 exam
Question #: 16
Topic #: 5
[All SY0-701 Questions]

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

Show Suggested Answer Hide Answer
Suggested Answer: D

Risk threshold is the maximum amount of risk that an organization is willing to accept for a given activity or decision. It is also known as risk appetite or risk tolerance. Risk threshold helps an organization to prioritize and allocate resources for risk management. Risk indicator, risk level, and risk score are different ways of measuring or expressing the likelihood and impact of a risk, but they do not describe the maximum allowance of accepted risk.Reference:CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 34;Accepting Risk: Definition, How It Works, and Alternatives


by Jacki at Jun 01, 2024, 10:32 PM

Limited Time Offer

25%

Off

Get Premium SY0-701 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Adrianna
3 months ago
Blocking automatic execution is a good idea, but not the only solution.
upvoted 0 times
...
Alease
3 months ago
Surprised they haven't done this sooner!
upvoted 0 times
...
Adelle
3 months ago
Training users is key, but it needs to be ongoing.
upvoted 0 times
...
Paulene
4 months ago
Posters won't stop users from clicking on links.
upvoted 0 times
...
Herman
4 months ago
I think implementing email security filters is a must!
upvoted 0 times
...
Yuette
4 months ago
I feel like creating additional training (option D) is important too, but I wonder if it would be enough on its own without other measures in place.
upvoted 0 times
...
Dorcas
4 months ago
I think updating EDR policies (option C) could help, especially if it prevents automatic execution of malicious files. That sounds familiar from our practice questions.
upvoted 0 times
...
Chaya
4 months ago
I'm not entirely sure, but I feel like just putting up posters (option A) won't really change user behavior in the long run.
upvoted 0 times
...
Lang
5 months ago
I remember we discussed how email filters can significantly reduce phishing attempts, so I think option B might be the best choice.
upvoted 0 times
...
Marvel
5 months ago
I'm a little confused by this question. Raising awareness and providing user training are good, but I'm not sure if that's the most effective way to reduce the impact when a user clicks a link. I'll have to review the options again and see if I can figure out the best approach.
upvoted 0 times
...
Franchesca
5 months ago
Okay, I've got this. The management team wants to reduce the impact, so the best approach is to implement email security filters to prevent the phishing emails from being delivered in the first place. That way, users won't even see the malicious links.
upvoted 0 times
...
Yuette
5 months ago
Hmm, I'm not sure about this one. There are a few options that seem reasonable, but I'm not confident I can pick the best one. I'll have to think it through carefully.
upvoted 0 times
...
Blythe
5 months ago
This looks like a straightforward question about mitigating phishing risks. I think the key is to focus on the management team's goal of reducing the impact when a user clicks on a phishing link.
upvoted 0 times
...
Sabrina
5 months ago
I've got a good strategy for this. I'll eliminate the options that don't directly address the ability of the product to function the same in different conditions, which is the core of "robust design."
upvoted 0 times
...
Jennifer
5 months ago
If I recall correctly, we definitely can't set up the Cisco Unified Communications Manager server right away. It always comes later in the process.
upvoted 0 times
...
Sophia
5 months ago
I think I remember that the Data Confidentiality pattern requires encryption for sensitive data, but I'm not sure if it applies to all message data in every case.
upvoted 0 times
...
Steffanie
5 months ago
I'm pretty confident that option D is the way to go here. Hosting the workload on-premises will ensure the low latency needed, and it's the best fit for a small IT team with limited Citrix experience.
upvoted 0 times
...
Truman
5 months ago
I thought changing the category would affect visibility, but it seems like we want to keep the same categories in a different order.
upvoted 0 times
...
Desirae
9 months ago
I'd like to see the analyst implement a two-factor authentication system. That way, even if someone clicks on a phishing link, they can't actually access sensitive information without an additional security step. Just a thought!
upvoted 0 times
Shawna
8 months ago
D: Let's bring this up to the management team as a potential solution.
upvoted 0 times
...
Alishia
8 months ago
C: I agree, it would help mitigate the risk of unauthorized access.
upvoted 0 times
...
Jina
9 months ago
B: That's a great idea! It would add an extra layer of security for our users.
upvoted 0 times
...
Cathern
9 months ago
A: We should definitely consider implementing a two-factor authentication system.
upvoted 0 times
...
...
Chantell
9 months ago
A) Putting up posters might be a good way to raise awareness, but it's not going to have a significant impact on reducing the click-through rate. This is like trying to put a band-aid on a gaping wound.
upvoted 0 times
...
Aja
10 months ago
I think C) Updating the EDR policies is a good idea, but it's more of a secondary measure. Blocking automatic execution of downloaded programs is important, but it won't stop the phishing emails from reaching the users in the first place.
upvoted 0 times
Jenelle
8 months ago
A: And then we can also consider updating the EDR policies as a secondary measure to block automatic execution of downloaded programs.
upvoted 0 times
...
Naomi
8 months ago
B: I agree, that way we can stop the phishing emails from even reaching the users' inboxes.
upvoted 0 times
...
Cordie
8 months ago
A: We should definitely go with B) Implement email security filters to prevent phishing emails from being delivered.
upvoted 0 times
...
...
Ty
10 months ago
D) Creating additional training for users is a great idea, but it shouldn't be the only step. Combining user education with technical controls like email filtering is the most effective approach.
upvoted 0 times
Cheryll
8 months ago
C: That's a good start, but we should also update our EDR policies to block automatic execution of downloaded programs.
upvoted 0 times
...
Lavera
9 months ago
B: I agree, we should implement email security filters to help prevent those emails from getting through.
upvoted 0 times
...
Tish
9 months ago
A: We need to do something about this high click-through rate on phishing emails.
upvoted 0 times
...
...
Tu
10 months ago
B) Implementing email security filters is the best way to prevent phishing emails from being delivered in the first place. Relying on user awareness alone is not enough to protect against sophisticated phishing attacks.
upvoted 0 times
Barrett
9 months ago
C: Updating the EDR policies to block automatic execution of downloaded programs could also help in reducing the impact of phishing attacks.
upvoted 0 times
...
Silva
9 months ago
B: Agreed, that would be a more proactive approach to protecting our organization.
upvoted 0 times
...
Tamar
10 months ago
A: We should definitely implement email security filters to prevent phishing emails from getting through.
upvoted 0 times
...
...
Mariann
10 months ago
I believe option D is also important. Providing additional training for users can help them recognize phishing attempts and avoid clicking on malicious links.
upvoted 0 times
...
Patria
11 months ago
I agree with Marge. Email security filters are a proactive measure to reduce the risk of users clicking on phishing links.
upvoted 0 times
...
Marge
11 months ago
I think we should go with option B. Implementing email security filters can help prevent phishing emails from reaching our employees.
upvoted 0 times
...

Save Cancel