PrepAway - Latest Free Exam Questions & Answers

Which of the following attacks can be mitigated by providing proper training to the employees in an
organization?

A. Social engineering

B. Smurf

C. Denial-of-Service

D. Man-in-the-middle

Explanation:
Proper user training is an effective way of mitigating social engineering attacks. Social engineering is
the art of convincing people to disclose useful information such as account names
and passwords. Hackers then exploit this information to gain access to a user's computer
or network. The method relies on the attacker's ability to trick people rather than on
technical skill. Users should always distrust anyone who asks for their account name or password,
computer name, IP address, employee ID, or other information that can be misused.

Answer option D is incorrect. Man-in-the-middle attacks occur when an attacker successfully inserts
intermediary software or a program between two communicating hosts. The intermediary software
or program allows the attacker to listen to and modify the communication packets passing between the
two hosts. The software intercepts the communication packets and then sends the information to
the receiving host. The receiving host responds to the software, presuming it to be the legitimate
client.

Answer option C is incorrect. A Denial-of-Service (DoS) attack is mounted with the objective of
causing a negative impact on the performance of a computer or network. It is also known as a network
saturation attack or bandwidth consumption attack. Attackers mount DoS attacks by sending a large
number of protocol packets to a network.

Answer option B is incorrect. In a smurf attack, the attacker sends a large number of ICMP echo
requests to IP broadcast addresses using a fake source address. These requests appear to be coming
from the victim's network address. Therefore, every computer within the broadcast domain starts
sending responses to the victim. As a result, the victim's computer is flooded with responses.
