nerdexam
EC-Council

312-50V9 · Question #500

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training wou

The correct answer is B. Social engineering. Social engineering directly tests whether end users can recognize and resist human-based manipulation attempts, making it the most relevant technique for assessing the need for security awareness training.

Social Engineering

Question

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?

Options

  • AVulnerability scanning
  • BSocial engineering
  • CApplication security testing
  • DNetwork sniffing

How the community answered

(21 responses)
  • A
    5% (1)
  • B
    86% (18)
  • C
    10% (2)

Why each option

Social engineering directly tests whether end users can recognize and resist human-based manipulation attempts, making it the most relevant technique for assessing the need for security awareness training.

AVulnerability scanning

Vulnerability scanning identifies technical flaws in systems, software, and configurations, and produces no information about end-user behavior or awareness.

BSocial engineeringCorrect

Social engineering assessments - such as simulated phishing emails, vishing calls, or physical pretexting - directly measure real human susceptibility to deception and manipulation. The results expose behavioral and awareness gaps in the user population that targeted security training is designed to close, providing a direct data point for justifying and shaping training programs.

CApplication security testing

Application security testing evaluates the security of software code and logic, not the human factors that security awareness training addresses.

DNetwork sniffing

Network sniffing captures and analyzes traffic for unencrypted data or anomalies, but yields no insight into whether end users are susceptible to social manipulation.

Concept tested: Social engineering as human security awareness assessment

Source: https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#social engineering#security awareness training#end-user testing#penetration testing

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice