Certified Ethical Hacker (CEH v12) — Question 170

A company recently experienced a debilitating social engineering attack that led to substantial identity theft. An inquiry found that the employee inadvertently provided critical information during an innocuous phone conversation. Considering the specific guidelines issued by the company to thwart social engineering attacks, which countermeasure would have been the most successful in averting the incident?

Answer options

• A. Conduct comprehensive training sessions for employees on various social engineering methodologies and the risks associated with revealing confidential data.
• B. Implement a well-documented change management process for modifications related to hardware or software.
• C. Adopt a robust software policy that restricts the installation of unauthorized applications.
• D. Reinforce physical security measures to limit access to sensitive zones within the company premises, thereby warding off unauthorized intruders.

Correct answer: A

Explanation

The correct answer, A, emphasizes the importance of training employees to recognize and respond to social engineering tactics, which would have helped prevent the incident. Options B, C, and D, while beneficial for overall security, do not directly address the vulnerabilities related to social engineering and the risks of inadvertently sharing sensitive information over the phone.