Easy · 1 mark · Multiple Choice
CPA · Question 32 · Area II: Security
A company uses a 'Phishing Simulation' to test employees. This is primarily a test of which security domain?
Answer options:
A. Physical Security
B. Network Security
C. Application Security
D. Human Resource / Personnel Security
How to approach this question
Identify the target of the test. Who clicks the link? The human.
Full Answer
D. Human Resource / Personnel Security ✓ Correct
Phishing simulations test the security awareness of employees (the human element). They fall under Personnel Security or Security Awareness Training.
Common mistakes
Classifying it as Email/Network security (which are technical controls, not the test subject).