What is the primary purpose of security awareness training?

  A. Eliminate the need for passwords
  B. Educate employees about security risks and best practices to reduce human errors and social engineering attacks ✓
  C. Replace technical security controls
  D. Only for IT staff

Correct answer: Educate employees about security risks and best practices to reduce human errors and social engineering attacks

Option B is correct because security awareness training educates employees about recognizing phishing, social engineering, password hygiene, and acceptable use policies, directly reducing the likelihood of human error, which remains one of the leading causes of security incidents across organizations. Option A is incorrect because security awareness training does not eliminate the need for passwords; strong authentication practices, including passwords and multi-factor authentication, remain essential technical controls independent of user education. Option C is incorrect because security awareness training complements but never replaces technical controls such as firewalls, endpoint protection, and access management; both layers are required under a defense-in-depth strategy. Option D is incorrect because security awareness training should extend to all employees across the organization, not only IT staff, since non-technical users are frequently the primary targets of social engineering attacks.

Topic: security awareness, social engineering, human factors, CISSP security management