nerdexam
EC-Council

312-50V10 · Question #607

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training wou

The correct answer is B. Social engineering. Social engineering directly tests whether users can be manipulated through deception, making it the most effective method to determine if end-user security awareness training is needed.

Social Engineering

Question

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?

Options

  • AVulnerability scanning
  • BSocial engineering
  • CApplication security testing
  • DNetwork sniffing

How the community answered

(37 responses)
  • A
    3% (1)
  • B
    73% (27)
  • C
    16% (6)
  • D
    8% (3)

Why each option

Social engineering directly tests whether users can be manipulated through deception, making it the most effective method to determine if end-user security awareness training is needed.

AVulnerability scanning

Vulnerability scanning identifies technical weaknesses in systems and software, not human behavior or susceptibility to manipulation.

BSocial engineeringCorrect

Social engineering techniques such as phishing simulations, pretexting, and baiting directly probe the human element of security by attempting to manipulate employees into revealing information or taking unsafe actions. The results reveal gaps in user awareness and judgment that technical controls cannot address. This makes it the most relevant assessment method for evaluating whether security awareness training would be beneficial.

CApplication security testing

Application security testing focuses on code-level vulnerabilities such as injection flaws or broken authentication, not end-user security awareness.

DNetwork sniffing

Network sniffing captures and analyzes network traffic to detect technical issues or data leaks, and does not assess end-user decision-making or susceptibility to social attacks.

Concept tested: Social engineering as human security assessment method

Source: https://www.comptia.org/certifications/security

Topics

#social engineering#security assessment#end-user training#penetration testing

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice