A recent penetration test discovered that several employees were enticed to assist attackers by visiting specific websites and running downloaded files when prompted by phone calls. Which of the following would best address this issue?
A. Increasing training and awareness for all staff
B. Ensuring that malicious websites cannot be visited
C. Blocking all scripts downloaded from the internet
D. Disabling all staff members’ ability to run downloaded applications
While I agree that A should be the answer as a whole, I must point out a flaw in the question itself. I hate to go all "English major" on this question, but the use of the word "entice" actually implies that the employees are being attracted or tempted by an offering of "pleasure, wealth, or advantage" in order to help the attackers. (I'm using the dictionary definition of entice in this case.) The use of the word "entice" denotes that the employee is AWARE that they are helping an attacker in that moment. Based on how the question is worded, they are NOT being tricked.
Had to break the comment into two parts since it wouldn't let me post it all as one. To continue my previous thought, even if you train someone, if the person is the type that is going to be tempted to download something and run it for significant monetary gain, they're going to do it anyway, regardless of sufficient training or not. A strong argument could be made for B because of the fact that the question implies that the employees are being bribed into assisting the attacker. Thus, if the main problem is that the company can't trust the integrity of their employees, they should block the malicious website. Perhaps the writer of this question didn't know what the word "enticed" means.
A) Increasing training and awareness for all staff
We do this every year as part of our Penetration Testing as the Social Engineering part of it. Exact same scenario. PenTester calls our employees at random. "Hey, I'm working with so and so. Can you click this link and go to this website?" When we have users click and the report comes back, we assign remedial training. At the heart of this, the issue isn't a lack of technical control, but the human aspect of it. Social engineering is the culprit, and more training is the solution.
Increasing training and awareness for all staff (A): The root issue is human behavior—employees being susceptible to social engineering attacks. Training and awareness programs can educate staff on how to recognize and respond to such attempts, making this the most effective solution.
CS0-003 Exam Questions
Community vote distribution: A (35%), C (25%), B (20%), Other
Comment authors and dates:
throughthefray (Highly Voted, 1 year, 4 months ago)
throughthefray (1 year, 4 months ago)
[Removed] (Highly Voted, 1 year, 5 months ago)
cy_analyst (Most Recent, 7 months ago)
Narobi (1 year, 4 months ago)
chaddman (1 year, 6 months ago)
kmordalv (1 year, 8 months ago)