Q: 9
Which of the following would be BEST to help protect an organization against social engineering?
Options
Discussion
Option B makes the most sense. Social engineering attacks target people, not systems, so recurring training and support directly addresses the human element. D sounds good but is really just a policy update and won’t actually prevent users from falling for tricks. Pretty confident in B, but willing to hear other thoughts.
C or D? SSO (C) seems like it could help by reducing credential reuse, which attackers love in social engineering. Or maybe D if you focus on policy changes. Not totally convinced these beat regular training though.
Encountered an almost identical question in my practice exam; went with B.
Probably B here. Social engineering targets people, so technical stuff like complex passwords (A) or SSO (C) won’t really stop someone from being tricked. Recurring training and support actually helps users spot the scams. D isn’t enough, since policy alone won’t change behavior like regular awareness training will. Open to other views if I missed something, but pretty sure it’s B.
Honestly, I get why D looks appealing since enforcing social media rules does help, but I think B is the real answer. Ongoing training is what actually sharpens staff against phishing or pretext attacks, which are core to social engineering. C (SSO) and A (complex passwords) are more technical controls, not really fixing the human side. Pretty sure it's B, but open if I'm missing something here.
C or D for me. SSO (C) can really cut down on password reuse and minimize weak links, which I think helps against certain social engineering attempts. D could work too since policies steer employee behavior directly. Not 100 percent but SSO feels underrated here, anyone disagree?
Honestly, I'd pick D here since updating the code of conduct seems like it would directly address what staff can share publicly, which is a big social engineering risk. Option B looks tempting but feels less immediate to me.
D. Updating the code of conduct for social media use should help by setting clear boundaries on what employees can share or post, reducing info leaks that social engineers could use. I feel like policies make a more direct impact in limiting risky behavior, compared to just training, which people might forget. Not 100% sure though, but D seems practical to me. Anyone else see it differently?
C or D, since SSO or a stricter code of conduct could limit exposure, but not sure they're stronger than recurring training for this.
B, recurring training is what actually changes user behavior and helps them spot social engineering tricks. Password complexity and SSO (A/C) don’t really address human manipulation, just technical access. Not 100%, but that’s how CompTIA likes to frame it from what I’ve seen.