CompTIA Security Plus Mock Test Q544

A database administrator receives a call on an outside telephone line from a person who states that they work for a well-known database vendor. The caller states there have been problems applying the newly released vulnerability patch for their database system, and asks what version is being used so that they can assist. Which of the following is the BEST action for the administrator to take?

A. Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues.
B. Obtain the vendor’s email and phone number and call them back after identifying the number of systems affected by the patch.
C. Give the caller the database version and patch level so that they can receive help applying the patch.
D. Call the police to report the contact about the database systems, and then check system logs for attack attempts.

Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
Impersonation is where a person, computer, software application or service pretends to be someone or something it is not. Impersonation is commonly used non-maliciously in client/server applications. However, it can also be used as a security threat.
In this question, the person making the call may be impersonating someone who works for a well-known database vendor. The actions described in this answer would mitigate the risk.
By not divulging information about your database system and by contacting the vendor directly through its known support line, you can be sure that you are talking to the right people.

Incorrect Answers:
B: Identifying the number of systems affected by the patch would involve divulging the version number to the caller without being able to verify their identity.
C: Giving the caller the database version and patch level so that they can receive help applying the patch would be divulging potentially sensitive information to someone without being able to verify their identity. The version information could then be used for malicious purposes later, especially if that version of the software has known vulnerabilities.
D: Calling the police to report the contact about the database systems, and then checking system logs for attack attempts, may be overkill. You do not know that the caller is malicious; they may well be from the vendor company. You just need a way to verify their identity.