nerdexam
EC-Council

312-50V11 · Question #694

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention to

The correct answer is A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your. Peter Smith refers to the human element as the weakest link - untrained or careless employees can be manipulated through social engineering to bypass even the strongest technical controls.

Social Engineering

Question

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place. Your peer, Peter Smith who works at the same department disagrees with you. He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain. What is Peter Smith talking about?

Options

  • AUntrained staff or ignorant computer users who inadvertently become the weakest link in your
  • B"zero-day" exploits are the weakest link in the security chain since the IDS will not be able to
  • C"Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will
  • DContinuous Spam e-mails cannot be blocked by your security system since spammers use

How the community answered

(37 responses)
  • A
    92% (34)
  • B
    5% (2)
  • C
    3% (1)

Why each option

Peter Smith refers to the human element as the weakest link - untrained or careless employees can be manipulated through social engineering to bypass even the strongest technical controls.

AUntrained staff or ignorant computer users who inadvertently become the weakest link in yourCorrect

Regardless of how many technical security controls are deployed, untrained or negligent users remain vulnerable to social engineering tactics such as phishing, pretexting, and baiting. Attackers exploit human psychology and ignorance rather than technical vulnerabilities to gain unauthorized access. This is why security awareness training is considered a critical layer of any defense-in-depth strategy.

B"zero-day" exploits are the weakest link in the security chain since the IDS will not be able to

Zero-day exploits are unpatched software vulnerabilities, not the human behavior and social engineering susceptibility that Peter identifies as the fundamental weakest link.

C"Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will

Polymorphic viruses are a technical malware challenge for antivirus systems, not the human ignorance or lack of training that Peter identifies as the root cause of security failures.

DContinuous Spam e-mails cannot be blocked by your security system since spammers use

Spam emails represent a technical delivery mechanism, not the human carelessness or lack of awareness that Peter identifies as the core weakness in the security chain.

Concept tested: Human factor as security weakest link

Source: https://csrc.nist.gov/publications/detail/sp/800-50/final

Topics

#human factor#security awareness#weakest link#social engineering

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice