nerdexam
EC-Council

312-50V11 · Question #607

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training wou

The correct answer is B. Social engineering. Social engineering assessments directly measure human susceptibility to manipulation, making them the most effective method for determining whether end-user security awareness training is needed.

Social Engineering

Question

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?

Options

  • AVulnerability scanning
  • BSocial engineering
  • CApplication security testing
  • DNetwork sniffing

How the community answered

(50 responses)
  • A
    4% (2)
  • B
    84% (42)
  • C
    2% (1)
  • D
    10% (5)

Why each option

Social engineering assessments directly measure human susceptibility to manipulation, making them the most effective method for determining whether end-user security awareness training is needed.

AVulnerability scanning

Vulnerability scanning identifies technical weaknesses in systems and software configurations, providing no insight into human behavior or susceptibility to social manipulation.

BSocial engineeringCorrect

Social engineering techniques such as phishing simulations, pretexting, and baiting directly test whether users can recognize and resist manipulation attempts rather than identifying technical vulnerabilities. If users fall for simulated attacks, it demonstrates measurable gaps in security awareness that targeted training can remediate. No other listed technical assessment method can directly evaluate human behavioral risk, which is precisely what security awareness training is designed to reduce.

CApplication security testing

Application security testing evaluates the security of software code and its deployment configuration, which is entirely unrelated to measuring end-user awareness or resilience against social engineering.

DNetwork sniffing

Network sniffing captures and analyzes traffic for technical issues such as cleartext credentials or protocol anomalies, and does not assess user decision-making or security awareness.

Concept tested: Social engineering assessment for security awareness evaluation

Source: https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#social engineering#end-user awareness#security assessment#penetration testing

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice