Back to Security Awareness and Training

Metrics and Reporting

5 minutes 5 Questions

Metrics and Reporting are essential concepts in Security Awareness and Training, as they enable organizations to measure the effectiveness of their training efforts and demonstrate compliance with industry regulations or standards. Developing appropriate security awareness metrics helps an organiza…

Test mode:
Start practice test
CompTIA Security+ - Metrics and Reporting Example Questions

Test your knowledge of Metrics and Reporting

Question 1

A security manager wants to demonstrate the effectiveness of a new security tool. Which metric is most appropriate for this purpose?

Correct Answer: Reduction in the number of false positives

A reduction in the number of false positives directly demonstrates the effectiveness of a security tool because it shows that the tool is correctly identifying and managing threats.

Question 2

You are analyzing the mean time to repair (MTTR) for incidents in your organization. Over the last 6 months, there have been 10 incidents that took 120, 135, 160, 150, 145, 90, 110, 105, 115, and 140 hours to resolve. Calculate the MTTR.

Correct Answer: 127

To calculate MTTR, divide the total number of hours spent resolving incidents by the total number of incidents. In this case, it is (120+135+160+150+145+90+110+105+115+140)/10, which equals 1270/10 = 127 hours.

Question 3

You have been tasked to analyze security metrics for the past year. You discover there has been a large increase in security events, but only a minimal increase in confirmed incidents. What would be the best explanation?

Correct Answer: Improved detection capabilities

An increase in security events with a minimal increase in confirmed incidents indicates improved detection capabilities. This means the organization is better able to identify and manage threats, resulting in more detected events but fewer actual incidents.

More Metrics and Reporting questions
2 questions (total)
Start 2 question test