CompTIA Security Plus Mock Test Q345

A security team has established a security awareness program. Which of the following would BEST prove the success of the program?

A. Policies
B. Procedures
C. Metrics
D. Standards

Correct Answer: C
Section: Compliance and Operational Security

Explanation:
All types of training should be followed up- be tested to see if it worked and how much was learned in the training process. You must follow up and gather training metrics to validate compliance and security posture. By training metrics, we mean some quantifiable method for determining the efficacy of training.

Incorrect Answers:
A, B: A user-awareness program helps individuals in an organization understand how to implement policies, procedures, and technologies to ensure effective security. Policies
together with procedures are part of the training and concerns that employees should be made aware of during the training process.
D: Standards refer to the types of policies and guidelines (the less formal type of policy) to measure risk and weighing risk.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 401