Domain 5 of 5 · Chapter 6 of 6

Security Awareness

Unlock the complete study guide + 1,040 practice questions across 16 full exams.

Bundled into the existing CompTIA Security+ premium course — no separate purchase.

Included in this chapter:

  • Phishing: campaigns, recognition, and responding to reports
  • Recognizing anomalous behavior and insider threat
  • User guidance and training topics
  • Program lifecycle: development, execution, reporting, and monitoring

Anomalous-behavior category and awareness topic → what the user must recognize/do

Awareness elementCategory / focusWhat the user recognizes or doesProgram example
Anomalous behavior: riskyKnowing policy bypassCatch and stop deliberate shortcuts (password reuse, disabling AV, shadow IT)Acceptable-use policy + consequences in the handbook
Anomalous behavior: unexpectedPattern deviationNotice activity that breaks the norm (mass downloads, impossible-travel logins)Report-it culture feeding UEBA / monitoring
Anomalous behavior: unintentionalHonest mistakeRecognize and self-report accidental exposure (mis-sent email, bad share)No-blame reporting + corrective micro-training
Phishing recognitionSocial-engineering defenseSpot lures, hover links, verify out-of-band, do not clickSimulated-phishing campaign + report button
Insider threatTrusted-access riskRecognize warning signs in self and colleagues and escalateInsider-threat module + clear escalation path
Password managementCredential hygieneUse long unique passwords / a manager, never reuse or sharePassword-manager rollout + policy guidance
Removable media & cablesPhysical attack vectorNever plug in unknown USB drives or charging cablesDrop-test exercise + clear-desk / device policy
Operational security (OPSEC)Information leakageLimit what work detail is shared publicly or on social mediaOPSEC briefing + data-handling guidance
Hybrid / remote workOff-premises exposureSecure home network, use VPN, avoid shoulder-surfing, control devicesRemote-work situational-awareness module
Reporting & monitoringProgram feedback loopUse the reporting channel; program captures initial + recurring metricsBaseline report rate → recurring campaign tracking

Decision tree

Inbound message asking you to act (a lure)? No Yes Is it someone's behavior / system activity, not a message? High-stakes request (wire / credentials / bank change)? Knew the rule Off-pattern / honest slip Risky behavior report + enforce policy Unexpected or unintentional report (no-blame), feed monitoring Yes No / unsure Verify out-of-band call a known number; never reply Report, do not interact report button; no click/reply/forward Always: feed the loop — baseline (initial) then recurring metrics drive program revision awareness lowers likelihood; it does not replace mail filtering, DMARC, or MFA

Cheat sheet

  • Security awareness is the managed human-layer control
  • 5.6 tests running the awareness program, not naming the attack
  • A phishing campaign is a simulated phish against your own staff
  • Measure report rate, not just click rate, and never punish reporters
  • Verify an unexpected high-stakes request out-of-band
  • On a suspicious message, report: don't click, reply, or forward
  • Anomalous behavior splits into risky, unexpected, and unintentional
  • Risky vs. unexpected vs. unintentional turns on intent and pattern
  • Insider-threat awareness is the human early-warning sensor
  • Acceptable-use policy and handbooks are the acknowledged rules of behavior
  • Password training: long, unique, never reused, and it pairs with MFA
  • Removable media and cables: never plug in the unknown
  • OPSEC training limits the public detail adversaries can aggregate
  • Hybrid/remote-work awareness covers off-premises exposure
  • An awareness program is a managed lifecycle, not a one-time event
  • CompTIA splits the program into development and execution
  • Initial vs. recurring monitoring = set a baseline, then trend it
  • Effectiveness metric: do incidents drop after a campaign
  • Awareness lowers likelihood; it doesn't enforce
  • UEBA flags deviations from a learned behavioral baseline
  • Anonymous reporting plus non-retaliation drives insider-threat reporting

Unlock with Premium — includes all practice exams and the complete study guide.

Also tested in

References

  1. CompTIA Security+ (SY0-701) certification objectives
  2. NIST CSRC Glossary: Social Engineering Whitepaper
  3. NIST SP 800-50r1: Building a Cybersecurity and Privacy Learning Program Whitepaper