Certified Information Security Manager (CISM) — Question 460
Which of the following is the BEST way to reduce the risk associated with a successful social engineering attack targeting help desk staff?
Answer options
- A. Conduct security awareness training
- B. Implement two-factor authentication
- C. Block access to social media sites
- D. Enforce role-based access to help desk systems
Correct answer: A
Explanation
The correct answer is A, as conducting security awareness training helps staff recognize and respond to social engineering tactics. Options B, C, and D may improve overall security but do not specifically address the human factor involved in social engineering attacks.