312-50V10 · Question #694
You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention to
The correct answer is A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your. Peter Smith is referring to the human element - untrained or unaware users - as the weakest link that social engineering exploits to bypass even the most robust technical security controls.
Question
You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place. Your peer, Peter Smith who works at the same department disagrees with you. He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain. What is Peter Smith talking about?
Options
- AUntrained staff or ignorant computer users who inadvertently become the weakest link in your
- B"zero-day" exploits are the weakest link in the security chain since the IDS will not be able to
- C"Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will
- DContinuous Spam e-mails cannot be blocked by your security system since spammers use
How the community answered
(26 responses)- A92% (24)
- C4% (1)
- D4% (1)
Why each option
Peter Smith is referring to the human element - untrained or unaware users - as the weakest link that social engineering exploits to bypass even the most robust technical security controls.
Technical defenses such as firewalls, antivirus, and IDS protect against known attack vectors but cannot account for employees who are manipulated through social engineering techniques like phishing, pretexting, or baiting. An attacker who tricks a user into revealing credentials or installing malware effectively circumvents every technical control in place. Security awareness training is the countermeasure because no amount of technology can compensate for uninformed human behavior.
Zero-day exploits are undisclosed technical vulnerabilities, not the human-centric 'weakest link' concept Peter is describing - they are addressed through patch management and behavior-based detection, not by changing human behavior.
Polymorphic viruses are a technical malware category that evades signature-based antivirus scanners; this is a technology limitation, not the human vulnerability that Peter is referencing as the security chain's weakest link.
Spam email is a delivery mechanism for threats, not the fundamental human-factor vulnerability Peter is describing - spam can also be partially mitigated by technical controls unlike the broader human element.
Concept tested: Human element as weakest link in security
Source: https://www.nist.gov/publications/building-culture-security-awareness
Topics
Community Discussion
No community discussion yet for this question.