Certified Ethical Hacker (CEH v13) — Question 123

A large corporation is planning to implement preventive measures to counter a broad range of social engineering techniques. The organization has implemented a signature-based IDS, intrusion detection system, to detect known attack payloads and network flow analysis to monitor data entering and leaving the network. The organization is deliberating on the next step. Considering the information provided about various social engineering techniques, what should be the organization's next course of action?

Answer options

• A. Implement endpoint detection and response solution to oversee endpoint activities
• B. Set up a honeypot to attract potential attackers into a controlled environment for analysis
• C. Deploy more security personnel to physically monitor key points of access
• D. Organize regular employee awareness training regarding social engineering techniques and preventive measures

Correct answer: D

Explanation

The correct answer is D because regular employee training raises awareness about social engineering threats and equips staff with the knowledge to recognize and respond to such tactics. Options A, B, and C, while beneficial for security, do not directly address the human element of social engineering, which is often exploited by attackers.