Exam SY0-601 topic 1 question 128 discussion

Answer: Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer. In this scenario, the help desk technician should be wary of the person's request as help desk technicians would not have this information. Also, if the person claimed to be from the cybersecurity incident response team, they would more likely to have access to this information anyway, or at least know who to contact. For the sake of the technician, it would be best to get as much information as possible and delegate the task of confirming the person's identity to the cybersecurity officer. Even in the very slim chance that it was a legitimate request, it would still be best for the cyber security officer to provide this information instead of a tech.

D->Request the caller send an email for identity verification and provide the requested information via email to the caller. -> This will allow to have a record of the requested information as well as identifying the requester.

C is the best answer. Using email to verify identity is a terrible idea!

Emails can be spoofed.

From working experience any type of request like this has to be requested in writing via email D. Request the caller send an email for identity verification and provide the requested information via email to the caller.

Why on earth would a member of the response team ask a help desk person to give them an IP? They would be much more likely to have that information on hand

C-> Can you imagine a real CSIRT calling helpdesk asking for the firewall IP address? Better get all the info you can get from them and pass it to the security team. Make sure you don't give them any more info such as your email other phone numbers etc.

never give any information over the phone, Inform the Cyber team

"I must express my disappointment with the cybersecurity community's response to the recent question. It appears that the answer provided was incorrect, which can be frustrating when seeking accurate information in this critical field."

Look up MGM hack = Answer is C

emailing a helpdesk is like creating a helpdesk ticket. 1. email add of the sender will be verified, 2. the request will go on the proper channel!. just my 2 cents

It asked for the BEST course of action, wouldn't C be the most secure?

D doesn't make sense given the firewall is supposedly compromised, why would you send data in the clear over email when the firewall is in question? It's C

I would go with C because in case someone is trying to scam help desk tech claiming that he belongs to cyber security team, then help desk tech should check and verify this information with Cybersec team if that person exists in their team and does he need that information. In case you decide for D and send requested info to sender without verifying his identity with the cyber sec team you could be wrong and send sensitive information to the hacker who maybe stole email credentials from the real guy.

In this situation, the technician should be cautious and follow proper security protocols. The caller's request to verify the network's internal firewall IP address is sensitive information that should not be disclosed over the phone without proper verification. Instead, the technician should gather as much information as possible about the caller, including their name and phone number, and then hang up the call. The next step is to notify the organization's cybersecurity officer or a designated authority about the incident so they can verify the legitimacy of the request and take appropriate actions if necessary.

In this scenario, the help desk technician receives a call from someone claiming to be from the organization's cybersecurity incident response team. It is essential to follow proper security protocols and procedures when dealing with sensitive information or requests for verification. Option A (Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller) is a good approach if the person is genuinely from the incident response team. However, it may not be feasible or practical in all situations, especially if the organization has a distributed workforce or remote teams. Option B (Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone) is not recommended because verifying the person's identity solely based on the email directory may not be enough to ensure their authenticity.

What if he is part of the organization's cybersecurity incident response team, and has the proper identity information? Why are you calling the cyber security officer before you even seen the identification?