CompTIA Security+ (SY0-601) — Question 684

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP Address. Which of the following is the technician's BEST course of action?

Answer options

• A. Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.
• B. Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.
• C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.
• D. Request the caller send an email for identity verification and provide the requested information via email to the caller.

Correct answer: C

Explanation

The best course of action is to document the caller's information and report it to the cybersecurity officer, as this helps ensure that sensitive information is not disclosed without proper verification. Options A and B involve providing information without sufficient verification, which could lead to a security breach. Option D, while it seeks verification, may still expose sensitive information before confirming the caller's identity.