In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an
unauthorized individual gaining access to computing resources?
A. Implementing on-screen masking of passwords
B. Conducting periodic security awareness programs
C. Increasing the frequency of password changes
D. Requiring that passwords be kept strictly confidential
Explanation:
Social engineering can best be mitigated through periodic security awareness training for users
who may be the target of such an attempt. Implementing on-screen masking of passwords and
increasing the frequency of password changes are desirable, but these will not be effective in
reducing the likelihood of a successful social engineering attack. Requiring in security policies
that passwords be kept secret is a good control but is not as effective as periodic security
awareness programs that will alert users to the dangers posed by social engineering.