Exam CISM topic 1 question 422 discussion

A. Conduct security awareness training

I believe that the answer is D. The question says associated with successful attack and If we consider that the attack has already happened, the focus should be on measures to mitigate the impact and prevent future occurrences. Comparing between B and D, D is the better answer, Enforce role-based access to help desk systems. Enforcing role-based access control (RBAC) directly aligns with the principles of limiting access based on the principle of least privilege. This means that even if an attacker successfully targets help desk staff, the potential damage is minimized because the compromised account would only have the minimum necessary access. This helps in containing the breach and reducing its impact. While B. Implement two-factor authentication enhances overall security and helps prevent unauthorized access, it is more about prevention rather than mitigating the impact after a successful attack.

Social engineering can be prevented by increasing user awareness

social eng is not only phishing ! Think to a phone call, tailgaiting etc .... it is always training A

It says a successful social engineering, which means the attack is in place. The only answer here is B to reduce the risk of the credential attack. A is the best to prevent the attack.

B.) Implement two-factor authentication, (Another question may say multi-factor authentication) A.) Helps to prevent social engineering attacks, not really helpful in a successful attack because at this point the security awareness training failed for this user. C.) Block access to social media (Not helpful) D.) Enforce role based access control (Yes helpful), their access would be restricted but they would still have access. (With B, the Attacker still has to succeed in completing the multifactor authentication process). This options reduces the risk over the others.

Only security awareness against social engineering

Preventing Social engineering attacks is mitigated by awareness training

Option A

A. Conduct security awareness training

For social engineering attacks one of the best ways it to conduct security awareness training

Attack is already successful, security awareness training is preventative, B 2FA would help reduce risk if social engineering attack is successful to get helpdesk password.