The latest version, Nessus v6, enables you to reduce your attack surface by enforcing compliance and system hardening policies. Nessus users will more easily be able to create and customize compliance and security policies while also being able to manage scan results, schedules, and policies.
Often, it’s the goal of the social engineer to push an attack just one step further by obtaining a password, or even getting a name that can be dropped in a planned, deeper social engineering attack.
The OWASP Testing Project has been in development for many years. The aim of the project is to help people understand the what, why, when, where, and how of testing web applications.
When it comes to security best practices, is it not prevention versus detection? Proactive mitigation or mopping up after the fact? Proactive risk assessment or trying to come up with an excuse once valuable data/info has been stolen?
Therefore, IT audits and internal penetration testing are crucial before someone else (whom you do not know) “audits” or “pen-tests” or simply hacks your environment.
“Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.”
I have nothing to add other than that the interviewer used a question or two to distract people from remembering their less-than-candid responses before getting the actual password. Smart strategy.