During an internal security audit you discover that help-desk analysts immediately reset passwords whenever anyone phones in claiming to be a senior executive who is "locked out." What single procedural change would most reduce the likelihood of a successful phone-based impersonation while still allowing legitimate password-reset requests to continue?
A. Ask the caller to state their current password as proof of identity before performing the reset.
B. Hang up and call the requestor back on the personal or mobile number that HR has on file for that executive before performing the reset.
C. Approve the reset only after an email request is received from the same user account.
D. Upgrade the help-desk phone system to VoIP so that caller ID information is displayed on screen.
The most effective safeguard is for the analyst to hang up and place an out-of-band callback to a telephone number that was previously verified and stored in the HR or identity-management system (for example, the executive's registered mobile number). Because the help desk initiates the call to a number obtained from an authoritative source, an attacker cannot succeed merely by spoofing caller ID or asking to be transferred. Requiring callers to reveal their current password, accepting an email from the same account, or relying on VoIP caller ID all leave the organization exposed to social-engineering and phishing attacks: passwords should never be disclosed to help-desk staff, a mailbox may already be compromised, and caller ID is attacker-controlled data.
Certified Ethical Hacker (CEH)
Network and Perimeter Hacking