A database administrator receives a call on an outside telephone line from a person who states that they work
for a well-known database vendor. The caller states there have been problems applying the newly released
vulnerability patch for their database system, and asks what version is being used so that they can assist.
Which of the following is the BEST action for the administrator to take?
Thank the caller, report the contact to the manager, and contact the vendor support line to verify any
reported patch issues.
Obtain the vendor’s email and phone number and call them back after identifying the number of systems
affected by the patch.
Give the caller the database version and patch level so that they can receive help applying the patch.
Call the police to report the contact about the database systems, and then check system logs for attack
Impersonation is where a person, computer, software application or service pretends to be someone or
something it’s not. Impersonation is commonly non-maliciously used in client/server applications. However, it
can also be used as a security threat.
In this question, the person making the call may be impersonating someone who works for a well-known
database vendor. The actions described in this answer would mitigate the risk. By not divulging information
about your database system and contacting the vendor directly, you can be sure that you are talking to the right