Which of the following is the BEST defense against successful phishing attacks?
A.
Intrusion detection system
B.
Application hardening
C.
End-user awareness
D.
Spam filters
Explanation:
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit
card details by masquerading as a trustworthy entity in an electronic communication. Phishing
attacks are a type of to social engineering attack and are best defended by end-user awareness
training.
Answer B is incorrect. Application hardening does not protect against phishing attacks since
phishing attacks generally use e-mail as the attack vector, with the end-user as the vulnerable
point, not the application.
Answer D is incorrect. Certain highly specialized spam filters can reduce the number of phishing emails that reach the inboxes of user, but they are not as effective in addressing phishing attack as
end-user awareness.
Answer A is incorrect. An intrusion detection system does not protect against phishing attackssince phishing attacks usually do not have a particular pattern or unique signature.