EC-Council

312-50V12 Question #189: Real Exam Question with Answer & Explanation

The correct answer is A: Conduct comprehensive training sessions for employees on various social engineering. The incident involved an employee inadvertently providing critical information during a phone conversation due to a social engineering attack. The most effective countermeasure would directly address the human factor and the specific attack vector.

Submitted by daniela_cl · Mar 4, 2026 · Information Security and Ethical Hacking Overview

Question

A company recently experienced a debilitating social engineering attack that led to substantial identity theft. An inquiry found that the employee inadvertently provided critical information during an innocuous phone conversation. Considering the specific guidelines issued by the company to thwart social engineering attacks, which countermeasure would have been the most successful in averting the incident?

Options

  • A. Conduct comprehensive training sessions for employees on various social engineering
  • B. Implement a well-documented change management process for modifications related to hardware
  • C. Adopt a robust software policy that restricts the installation of unauthorized applications.
  • D. Reinforce physical security measures to limit access to sensitive zones within the company

Explanation

The incident involved an employee inadvertently providing critical information during a phone conversation due to a social engineering attack. The most effective countermeasure would directly address the human factor and the specific attack vector.

Common mistakes.

  • B. Change management processes are crucial for managing system modifications but do not directly prevent employees from being tricked into divulging information during a social engineering phone call.
  • C. A robust software policy prevents unauthorized application installations but does not mitigate the risk of an employee being socially engineered over the phone.
  • D. Physical security measures protect against unauthorized physical access to facilities, which is unrelated to a social engineering attack conducted via a phone conversation.

Concept tested. Social Engineering Prevention Training

Reference. https://learn.microsoft.com/en-us/microsoft-365/compliance/security-awareness-training?view=o365-worldwide

Topics

#social engineering #employee training #security awareness #identity theft prevention
