312-50V9 · Question #270
An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for bot
The correct answer is C. The employee should not provide any information without previous management authorization.. This is a classic social engineering scenario. An unsolicited caller claiming to be a 'best customer' and requesting detailed information about network infrastructure, systems, and personnel is a major red flag - regardless of how legitimate they sound. The correct security respo
Question
An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?
Options
- ASince the company's policy is all about Customer Service, he/she will provide information.
- BDisregarding the call, the employee should hang up.
- CThe employee should not provide any information without previous management authorization.
- DThe employees can not provide any information; but, anyway, he/she will provide the name of the
How the community answered
(30 responses)- A3% (1)
- C93% (28)
- D3% (1)
Explanation
This is a classic social engineering scenario. An unsolicited caller claiming to be a 'best customer' and requesting detailed information about network infrastructure, systems, and personnel is a major red flag - regardless of how legitimate they sound. The correct security response is to never disclose sensitive organizational information without prior management authorization. Security policy exists precisely for situations like this, where an attacker may impersonate a trusted party (pretexting). Choice A violates the principle of least privilege and confidentiality. Choice B (hanging up) is unprofessional. Choice D is a partial measure but still risks disclosure. Only C ensures proper authorization before any sensitive data is shared.
Topics
Community Discussion
No community discussion yet for this question.