CISSP-ISSAP · Question #207
Which of the following types of attacks cannot be prevented by technical measures only?
The correct answer is A. Social engineering. Social engineering (A) targets human psychology rather than technical systems - no firewall, patch, or encryption can stop an employee from being manipulated into revealing credentials or clicking a malicious link. Defending against it requires ongoing security awareness training
Question
Which of the following types of attacks cannot be prevented by technical measures only?
Options
- ASocial engineering
- BBrute force
- CSmurf DoS
- DPing flood attack
How the community answered
(62 responses)- A82% (51)
- B10% (6)
- C3% (2)
- D5% (3)
Explanation
Social engineering (A) targets human psychology rather than technical systems - no firewall, patch, or encryption can stop an employee from being manipulated into revealing credentials or clicking a malicious link. Defending against it requires ongoing security awareness training, organizational policies, and cultural vigilance, making it fundamentally a people and process problem.
Brute force (B), Smurf DoS (C), and ping flood (D) are all network/system-level attacks that can be mitigated with technical controls: account lockout policies and rate limiting stop brute force; ingress filtering and disabling directed broadcasts prevent Smurf attacks; and firewalls or traffic-rate limits block ping floods.
Memory tip: Think "social = societal solution" - social engineering requires a social (human) response, not just a technical one.
Topics
Community Discussion
No community discussion yet for this question.