CISSP · Question #148
Refer to the information below to answer the question. A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns. What MUST
The correct answer is D. Employee education. Client-side attacks exploit human behavior and software vulnerabilities on end-user systems, making employee education the foundational control to reduce susceptibility to such threats.
Question
Options
- AApproved web browsers
- BNetwork firewall procedures
- CProxy configuration
- DEmployee education
How the community answered
(37 responses)- A3% (1)
- B8% (3)
- C16% (6)
- D73% (27)
Why each option
Client-side attacks exploit human behavior and software vulnerabilities on end-user systems, making employee education the foundational control to reduce susceptibility to such threats.
Restricting approved web browsers limits the attack surface of browser-specific vulnerabilities but does not address the broader range of client-side exploitation vectors such as phishing emails or malicious attachments that bypass browser controls.
Network firewall procedures protect the network perimeter and control traffic flow but do not mitigate client-side attacks that originate from user interactions with malicious content already permitted through the firewall.
Proxy configuration can filter malicious URLs and enforce content policies, but it is a technical control that can be bypassed and does not address the human behavioral element that client-side attacks fundamentally exploit.
Client-based attacks such as phishing, social engineering, and drive-by downloads primarily exploit user behavior rather than network infrastructure. Employee education trains users to recognize and avoid malicious content, suspicious links, and deceptive tactics, directly reducing the attack surface at the human layer. Security awareness programs are consistently recognized as a must-have control because technical controls alone cannot compensate for uninformed end users.
Concept tested: Mitigating client-side attacks through security awareness
Source: https://www.cisa.gov/resources-tools/resources/security-awareness-training
Topics
Community Discussion
No community discussion yet for this question.