CISSP Question #298: Real Exam Question with Answer & Explanation
The correct answer is B: Changing individual behavior. Social engineering attacks exploit human psychology rather than technical vulnerabilities, making behavioral change the most effective countermeasure since it addresses the root cause of susceptibility.
Question
Which of the following countermeasures is the MOST effective in defending against a social engineering attack?
Options
- A. Mandating security policy acceptance
- B. Changing individual behavior
- C. Evaluating security awareness training
- D. Filtering malicious e-mail content
Explanation
Social engineering attacks exploit human psychology (trust, deference to authority, urgency, the wish to be helpful) rather than technical vulnerabilities, so the attack succeeds or fails at the moment a person decides whether to comply. Changing how individuals actually behave, for example verifying an unexpected request through a known channel before acting on it, never disclosing credentials, and reporting suspicious contact, addresses that root cause across every delivery channel. Policies, training assessments and e-mail filters all support this goal and belong in a layered defense, but none of them by itself changes the decision the target makes when confronted by an attacker.
Common mistakes.
- A. Mandating security policy acceptance is a compliance-based administrative control that does not guarantee employees will internalize or act on the policy, leaving human behavior unchanged against social engineering tactics.
- C. Evaluating security awareness training measures the effectiveness of a program but is an assessment activity, not a direct countermeasure; it does not itself change how individuals respond to social engineering attempts.
- D. Filtering malicious e-mail content is a technical control that addresses only one delivery channel (phishing emails) and does not protect against other social engineering vectors such as vishing, impersonation, or in-person pretexting.
Concept tested. Countermeasures against social engineering, which targets human-factor rather than technical vulnerabilities
Reference. NIST SP 800-50, Building an Information Technology Security Awareness and Training Program: https://csrc.nist.gov/publications/detail/sp/800-50/final