312-50V10 · Question #607
When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training wou
The correct answer is B. Social engineering. Social engineering directly tests whether users can be manipulated through deception, making it the most effective method to determine if end-user security awareness training is needed.
Question
When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?
Options
- AVulnerability scanning
- BSocial engineering
- CApplication security testing
- DNetwork sniffing
How the community answered
(37 responses)- A3% (1)
- B73% (27)
- C16% (6)
- D8% (3)
Why each option
Social engineering directly tests whether users can be manipulated through deception, making it the most effective method to determine if end-user security awareness training is needed.
Vulnerability scanning identifies technical weaknesses in systems and software, not human behavior or susceptibility to manipulation.
Social engineering techniques such as phishing simulations, pretexting, and baiting directly probe the human element of security by attempting to manipulate employees into revealing information or taking unsafe actions. The results reveal gaps in user awareness and judgment that technical controls cannot address. This makes it the most relevant assessment method for evaluating whether security awareness training would be beneficial.
Application security testing focuses on code-level vulnerabilities such as injection flaws or broken authentication, not end-user security awareness.
Network sniffing captures and analyzes network traffic to detect technical issues or data leaks, and does not assess end-user decision-making or susceptibility to social attacks.
Concept tested: Social engineering as human security assessment method
Source: https://www.comptia.org/certifications/security
Topics
Community Discussion
No community discussion yet for this question.