312-50V9 · Question #500
When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training wou
The correct answer is B. Social engineering. Social engineering directly tests whether end users can recognize and resist human-based manipulation attempts, making it the most relevant technique for assessing the need for security awareness training.
Question
When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?
Options
- AVulnerability scanning
- BSocial engineering
- CApplication security testing
- DNetwork sniffing
How the community answered
(21 responses)- A5% (1)
- B86% (18)
- C10% (2)
Why each option
Social engineering directly tests whether end users can recognize and resist human-based manipulation attempts, making it the most relevant technique for assessing the need for security awareness training.
Vulnerability scanning identifies technical flaws in systems, software, and configurations, and produces no information about end-user behavior or awareness.
Social engineering assessments - such as simulated phishing emails, vishing calls, or physical pretexting - directly measure real human susceptibility to deception and manipulation. The results expose behavioral and awareness gaps in the user population that targeted security training is designed to close, providing a direct data point for justifying and shaping training programs.
Application security testing evaluates the security of software code and logic, not the human factors that security awareness training addresses.
Network sniffing captures and analyzes traffic for unencrypted data or anomalies, but yields no insight into whether end users are susceptible to social manipulation.
Concept tested: Social engineering as human security awareness assessment
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.