CompTIA Security+ Question H-28

A security team has established a security awareness program. Which of the following would BEST prove the success of the program?

A. Policies
B. Procedures
C. Metrics
D. Standards

Answer: C

All types of training should be followed up- be tested to see if it worked and how much was learned in the training process. You must follow up and gather training metrics to validate compliance and security posture. By training metrics, we mean some quantifiable method for determining the efficacy of training.