nerdexam
EC-Council

312-50V10 · Question #752

An IT employee got a call from one our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both c

The correct answer is C. The employee should not provide any information without previous management authorization. This question tests security awareness around information disclosure, specifically the requirement to obtain management authorization before sharing internal company details with any external party.

Social Engineering

Question

An IT employee got a call from one our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?

Options

  • AThe employee can not provide any information: but, anyway, he/she will provide the name of the
  • BSince the company's policy is all about Customer Service. he/she will provide information
  • CThe employee should not provide any information without previous management authorization
  • DDisregarding the call, the employee should hand up

How the community answered

(30 responses)
  • B
    3% (1)
  • C
    93% (28)
  • D
    3% (1)

Why each option

This question tests security awareness around information disclosure, specifically the requirement to obtain management authorization before sharing internal company details with any external party.

AThe employee can not provide any information: but, anyway, he/she will provide the name of the

Providing even the name of a technical contact without authorization is a partial disclosure that can enable social engineering by giving an attacker a named target.

BSince the company's policy is all about Customer Service. he/she will provide information

A customer service orientation does not override information security policies; disclosing internal infrastructure details without authorization is a security violation regardless of the customer relationship.

CThe employee should not provide any information without previous management authorizationCorrect

Sharing network infrastructure details, system configurations, or team information with any external caller - even a known customer - without prior management authorization violates fundamental information security policy. Legitimate integration opportunities follow formal channels such as NDAs, authorized contacts, and managed disclosure processes. Acting without authorization exposes the company to social engineering exploitation and potential data breaches.

DDisregarding the call, the employee should hand up

Hanging up is unnecessarily dismissive and unhelpful; the correct response is to acknowledge the inquiry and route it through proper authorization channels rather than ignoring it.

Concept tested: Information security policy and social engineering awareness

Source: https://csrc.nist.gov/publications/detail/sp/800-50/final

Topics

#social engineering#information disclosure#security policy#vishing

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice