After a phishing simulation, many users still almost submitted credentials to a fake Microsoft login page. Security wants to reduce repeat mistakes quickly without interrupting daily work. Which approach is best?

Send one enterprise-wide warning email listing every phishing indicator the users should memorize.

A broad warning is easy to ignore and usually does not change user behavior quickly.

Require all employees to retake the full annual security course immediately.

A full course is heavier than necessary for a targeted issue and may slow operations more than needed.

Remove email access for any user who clicked the simulation link.

Punitive access removal is disruptive and can discourage reporting and learning after a simulation.

What does this SY0-701 question test?

Static NAT maps one inside address to one outside address.

What is the correct answer to this question?

The correct answer is: Use short, targeted awareness messages with screenshots of the actual lure and an easy reporting path. — Targeted, short awareness messages are the best fit because they correct the specific behavior that caused the problem without overburdening the whole organization. Showing the actual lure helps users recognize what they saw in context, and an easy reporting path reinforces the right response. This approach is more effective than a generic warning or a heavy training event, and it preserves productivity while improving security behavior. Why others are wrong: A single enterprise-wide email is too generic to correct the exact mistake and is often forgotten quickly. Forcing everyone through the entire annual course is more disruptive than necessary for a narrow problem. Removing email access is punitive and operationally expensive, and it may create a culture where users hide mistakes instead of reporting them.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.