Policies, procedures and end-user training are effective ways to mitigate:
A.
zero-day attacks
B.
attempted DDoS attacks
C.
man-in-the-middle attacks
D.
social engineering attempts
Explanation:
https://www.sans.org/reading-room/whitepapers/bestprac/defenses-zero-day-exploits-various-sizedorganizations-35562
What does end-user training has to do with zero-day attacks?
Almost sure the answer should be D. Social Engineering Attempts
After reading the paper more carefully it could be zero-day attacks as well… anyone can clear this up?
The smaller the organization the more likely the organization has less formalized
policies and procedures in regards to security. Often these organizations are unaware of
the potential risks from zero-day exploits and therefore do not know the importance of
defending against them. Medium to large organizations generally have formalized
policies and procedures and greater knowledge of the risks, and, consequently, are more
likely to try to defend against them.
Policies, procedures and end user awareness are nothing to do with zero day attacks they are primarily aimed at social engineering attempts, AIO get it right please