ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An organization migrating its customer data to AWS has suffered several recent spear-phishing attempts aimed at its finance employees. As the security administrator, you have been asked to roll out an awareness communication that is both cost-effective and tailored to this risk. Which action best aligns with SSCP best practices for matching security awareness content to specific organizational threats?
Schedule mandatory, in-person annual security classes for all staff that cover every known social-engineering technique, regardless of job function.
Create short, role-based email micro-trainings for the finance staff that explain how to recognize payment-fraud phishing, and reinforce them with periodic simulated phishing messages that record user clicks to measure improvement.
Block all external email to the finance department until a comprehensive corporate training program can be developed and deployed.
Distribute the full NIST phishing guidance document to every employee company-wide and require a signed acknowledgment within 24 hours.
SSCP guidance stresses that awareness efforts should address the organization's actual threat landscape, focus on the users who are most exposed, deliver concise messages through familiar channels, and include measurable feedback for continuous improvement. Sending monthly micro-training emails that teach finance staff how to spot finance-related spear phishing, reinforced by simulated phishing messages whose click rates are tracked, directly targets the at-risk audience, uses an inexpensive medium, and produces metrics to show whether the training is reducing risky behavior.
Forwarding generic guidelines to everyone provides no tailoring or measurement. Mandating an annual all-hands classroom session covers far more than the identified threat and costs considerably more while offering limited tracking. Disabling external email for finance would disrupt business operations and does not constitute an awareness communication. Therefore, the targeted, trackable micro-training with simulations is the most appropriate choice.
ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices