CISA Certified Information Systems Auditor – Question1595

What is the BEST approach to mitigate the risk of a phishing attack?

A. Implement an intrusion detection system (IDS)
B. Assess web site security
C. Strong authentication
D. User education

Correct Answer: D

Explanation:
Phishing attacks can be mounted in various ways; intrusion detection systems (IDSs) and strong authentication cannot mitigate most types of phishing attack. Assessing web site security does not mitigate the risk either, because phishing relies on an attacker's server masquerading as a legitimate one rather than on a weakness in the organization's own site. The best way to mitigate the risk of phishing is to educate users to be cautious with suspicious internet communications and not to trust them until they have been verified. Users require adequate training to recognize suspicious web pages and e-mail.