1) Which is most likely to improve detection of anomalous insider behavior?

2) Which action should follow the development of a new security awareness module?

3) What component supports accountability for user actions in awareness programs?

4) During training, users are shown a fake email from HR asking for tax info. What is being tested?

5) A user repeatedly sends files to personal email for convenience. What should be emphasized?

6) Which of the following best defines "operational security"?

7) What factor most affects the success of security awareness development?

8) A phishing email mimics a senior executive. What kind of attack is this?

9) Why is recurring training more effective than one-time training?

10) Security awareness in remote environments should include:

11) An employee plugs a personal charger into their work laptop, which begins behaving oddly. What risk was introduced?

12) What term describes sending fake emails to test staff susceptibility to phishing?

13) What should a security awareness program prioritize to reduce accidental insider risks?

14) Which is the most effective method for tracking security awareness program progress?

15) A USB device was found plugged into a secure server. What policy was most likely violated?

16) Which document usually outlines organizational expectations for security behavior?

17) What scenario would require heightened situational awareness training?

18) What should be a recurring focus of password training?

19) What security issue is most relevant in hybrid work environments?

20) A newly hired contractor asks a colleague to share login credentials. What is this an example of?

21) What is the most effective first response to a reported phishing email?

22) Which behavior is most likely to indicate an insider threat?

23) Which of the following best improves employee response to phishing attempts?

24) A company notices that an intern downloaded gigabytes of internal documents to a USB drive. What kind of behavior is this?

25) An employee receives an email urging immediate action to reset their password. The URL appears legitimate but points to an unfamiliar domain. What is this an example of?