Certified Information Systems Auditor (CISA) — Question 1112
Which of the following attack types is MOST effectively addressed by an organization's security awareness program?
Answer options
- A. Man-in-the-middle
- B. Phishing
- C. Structured query language (SQL) injection
- D. Distributed denial of service (DDoS)
Correct answer: B
Explanation
Phishing attacks work primarily by deceiving users into revealing sensitive information, so recognizing and avoiding them depends largely on user awareness and training. In contrast, the other attack types (man-in-the-middle, SQL injection, and DDoS) are countered mainly by technical defenses and do not depend as heavily on user behavior.