Certified Ethical Hacker (CEH v13) — Question 140

A company recently experienced a debilitating social engineering attack that led to substantial identity theft. An inquiry found that the employee inadvertently provided critical information during an innocuous phone conversation. Considering the specific guidelines issued by the company to thwart social engineering attacks, which countermeasure would have been the most successful in averting the incident?

Answer options

• A. Conduct comprehensive training sessions for employees on various social engineering methodologies and the risks associated with revealing confidential data.
• B. Implement a well-documented change management process for modifications related to hardware or software.
• C. Adopt a robust software policy that restricts the installation of unauthorized applications.
• D. Reinforce physical security measures to limit access to sensitive zones within the company premises, thereby warding off unauthorized intruders.

Correct answer: A

Explanation

The correct answer is A because comprehensive training for employees on social engineering methods directly addresses the risk of inadvertently disclosing sensitive information. Options B, C, and D focus on other aspects of security but do not specifically target the issue of social engineering, which was the root cause of the incident.