SANS MGT 433 NEW - Book 1
UPDATED Exam Questions and
CORRECT Answers
Desired Behaviors = Learning Objectives - CORRECT ANSWER - The outcomes we
want as a result of training.
- Identify key learning objectives for each risk
Poor LO
Better LO - CORRECT ANSWER - Poor LO - Learner understands how to securely
handle sensitive data
(unsure what to measure, too generic)
Better LO - Learner can explain and identify sensitive data
(specific, identifies a certain behavior or outcome)
Good password behaviors - CORRECT ANSWER - 1. Passphrases - multiple words,
longer, secure, easier to remember and type
2. Unique passwords for each account - for both personal and work
3. Password Managers - make passwords simple as possible, with password manager -
generating strong passwords, securely storing, confirming identity
4. MFA - use whenever possible. Most effective and strongest authentication
SebDB Behavior Database - CORRECT ANSWER - Security Behavior Database - created
by CybSafe. Identifies the most common risks, key behaviors that manage those risks, prioritizes
those behaviors. (1st book, pg 25)
Engage, motivate, change the behaviors. Think in terms of Marketing - CORRECT
ANSWER - Security is a product you are selling - you are the bridge between the security
, team and the workforce. Focus on Positive Engagement. - Build a program people want to be a
part of!!
BJ Fogg Behavior Model - CORRECT ANSWER - The science behind behavior change.
B=MAP
B=behavior M=motivation x A-ability x P=prompt
Cognitive Bias (book 1 page 30) - CORRECT ANSWER - Cognitive bias - how mental
shortcuts can negatively impact decision-making process
"Curse of knowledge" - the more of an expert you are, the harder it is to communicate it
Simon Sinek - Start with WHY - CORRECT ANSWER - The golden circle - 3 elements to
change
WHAT you want people to do
HOW you want them to do it
WHY - the emotional connection what drives behavior that EVERYONE Needs to understand!
AIDA Model - CORRECT ANSWER - Attention, Interest, Desire, Action - developed by
E. St. Elmo Lewis
Attention(A) - describing the problem, attract attention
Interest(I) - generate interest, what does it do how does it solve the problem?
Desire(D) - whats in it for me?!
Action(A) - enable the customer to take action, call to action, the individual is now taking on a
specific behavior
UPDATED Exam Questions and
CORRECT Answers
Desired Behaviors = Learning Objectives - CORRECT ANSWER - The outcomes we
want as a result of training.
- Identify key learning objectives for each risk
Poor LO
Better LO - CORRECT ANSWER - Poor LO - Learner understands how to securely
handle sensitive data
(unsure what to measure, too generic)
Better LO - Learner can explain and identify sensitive data
(specific, identifies a certain behavior or outcome)
Good password behaviors - CORRECT ANSWER - 1. Passphrases - multiple words,
longer, secure, easier to remember and type
2. Unique passwords for each account - for both personal and work
3. Password Managers - make passwords simple as possible, with password manager -
generating strong passwords, securely storing, confirming identity
4. MFA - use whenever possible. Most effective and strongest authentication
SebDB Behavior Database - CORRECT ANSWER - Security Behavior Database - created
by CybSafe. Identifies the most common risks, key behaviors that manage those risks, prioritizes
those behaviors. (1st book, pg 25)
Engage, motivate, change the behaviors. Think in terms of Marketing - CORRECT
ANSWER - Security is a product you are selling - you are the bridge between the security
, team and the workforce. Focus on Positive Engagement. - Build a program people want to be a
part of!!
BJ Fogg Behavior Model - CORRECT ANSWER - The science behind behavior change.
B=MAP
B=behavior M=motivation x A-ability x P=prompt
Cognitive Bias (book 1 page 30) - CORRECT ANSWER - Cognitive bias - how mental
shortcuts can negatively impact decision-making process
"Curse of knowledge" - the more of an expert you are, the harder it is to communicate it
Simon Sinek - Start with WHY - CORRECT ANSWER - The golden circle - 3 elements to
change
WHAT you want people to do
HOW you want them to do it
WHY - the emotional connection what drives behavior that EVERYONE Needs to understand!
AIDA Model - CORRECT ANSWER - Attention, Interest, Desire, Action - developed by
E. St. Elmo Lewis
Attention(A) - describing the problem, attract attention
Interest(I) - generate interest, what does it do how does it solve the problem?
Desire(D) - whats in it for me?!
Action(A) - enable the customer to take action, call to action, the individual is now taking on a
specific behavior
