A database administrator receives a call on an outside telephone line from a person who states
that they work for a well-known database vendor. The caller states there have been problems
applying the newly released vulnerability patch for their database system, and asks what version is
being used so that they can assist. Which of the following is the BEST action for the administrator
to take?
A.
Thank the caller, report the contact to the manager, and contact the vendor support line to
verify any reported patch issues.
B.
Obtain the vendor’s email and phone number and call them back after identifying the number of
systems affected by the patch.
C.
Give the caller the database version and patch level so that they can receive help applying the
patch.
D.
Call the police to report the contact about the database systems, and then check system logs
for attack attempts.
Explanation:
Impersonation is where a person, computer, software application or service pretends to be
someone or something it’s not. Impersonation is commonly non-maliciously used in client/server
applications. However, it can also be used as a security threat.
In this question, the person making the call may be impersonating someone who works for a wellknown database vendor. The actions described in this answer would mitigate the risk. By not
divulging information about your database system and contacting the vendor directly, you can be
sure that you are talking to the right people.