nerdexam
(ISC)2

CISSP-ISSAP · Question #207

Which of the following types of attacks cannot be prevented by technical measures only?

The correct answer is A. Social engineering. Social engineering (A) targets human psychology rather than technical systems - no firewall, patch, or encryption can stop an employee from being manipulated into revealing credentials or clicking a malicious link. Defending against it requires ongoing security awareness training

Architect for Governance, Risk, and Compliance

Question

Which of the following types of attacks cannot be prevented by technical measures only?

Options

  • ASocial engineering
  • BBrute force
  • CSmurf DoS
  • DPing flood attack

How the community answered

(62 responses)
  • A
    82% (51)
  • B
    10% (6)
  • C
    3% (2)
  • D
    5% (3)

Explanation

Social engineering (A) targets human psychology rather than technical systems - no firewall, patch, or encryption can stop an employee from being manipulated into revealing credentials or clicking a malicious link. Defending against it requires ongoing security awareness training, organizational policies, and cultural vigilance, making it fundamentally a people and process problem.

Brute force (B), Smurf DoS (C), and ping flood (D) are all network/system-level attacks that can be mitigated with technical controls: account lockout policies and rate limiting stop brute force; ingress filtering and disabling directed broadcasts prevent Smurf attacks; and firewalls or traffic-rate limits block ping floods.

Memory tip: Think "social = societal solution" - social engineering requires a social (human) response, not just a technical one.

Topics

#Social Engineering#Attack Types#Technical Controls#Governance

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice