The best answer is D. Conduct a phishing campaign.
To measure whether social engineering awareness training is effective, the best method is to run a simulated phishing campaign. This allows the organization to test employee behavior in a realistic but controlled way. The administrator can track who clicks suspicious links, opens attachments, submits credentials, or reports the email appropriately.
This is a practical and measurable way to evaluate training outcomes because it provides real performance data rather than opinions or assumptions.
Why the other options are incorrect:
A. Set up a honeypot.A honeypot is used to attract attackers or detect malicious activity, not to test employee awareness of social engineering.
B. Send out a survey.A survey may show how confident employees feel, but it does not objectively measure whether they can identify and resist real phishing attempts.
C. Set up a focus group.A focus group can gather feedback, but it is not the best method for testing actual security behavior.
From the SY0-701 perspective, user awareness training effectiveness is best measured through simulated phishing exercises and similar practical assessments.
