Certified Information Security Manager (CISM) — Question 748
Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?
Answer options
- A. Requiring multifactor authentication
- B. Requiring challenge/response information
- C. Enforcing frequent password changes
- D. Enforcing complex password formats
Correct answer: A
Explanation
Requiring multifactor authentication (MFA) is the best defense because it adds a layer of security beyond the password, making it harder for unauthorized users to gain access even when a password has been disclosed. The other options, while helpful, do not provide the same level of security against social engineering attacks because they rely primarily on password strength or user knowledge, both of which can be compromised.