Human Resources (HR) would like executives to undergo only two specific security training
programs a year. Which of the following provides the BEST level of security training for the
executives? (Select TWO).

A.
Acceptable use of social media

B.
Data handling and disposal

C.
Zero day exploits and viruses

D.
Phishing threats and attacks

E.
Clean desk and BYOD

F.
Information security awareness

Explanation:
Managers/ i.e. executives in the company are concerned with more global issues in the
organization, including enforcing security policies and procedures. Managers should receive
additional training or exposure that explains the issues, threats, and methods of dealing with
threats. Management will also be concerned about productivity impacts and enforcement and how
the various departments are affected by security policies.
Phishing is a form of social engineering in which you ask someone for a piece of information that
you are missing by making it look as if it is a legitimate request. An email might look as if it is from
a bank and contain some basic information, such as the user’s name. Executives an easily fall
prey to phishing if they are not trained to lookout for these attacks.