Certified Information Security Manager (CISM) — Question 666

In a call center, the BEST reason to conduct a social engineering exercise is to:

Answer options

• A. gain funding for information security initiatives
• B. identify candidates for additional security training
• C. improve password policy
• D. minimize the likelihood of successful attacks

Correct answer: D

Explanation

The correct answer is D because the main goal of a social engineering exercise is to test and enhance the organization's defenses against manipulative tactics. While options A, B, and C may have their own merits, they do not address the fundamental purpose of such exercises, which is to lessen the risk of successful social engineering attacks.