ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
During a recent security incident review, you discover that several employees reset their MFA credentials after receiving voice calls that appeared to come from the corporate help-desk phone number. Because the company now allows soft-phone use on personal smartphones, you must update the security awareness training to reduce the risk of future vishing attacks without disrupting legitimate support interactions. Which of the following guidance should you emphasize?
Hang up and call the official help-desk number listed in the corporate directory before acting on any request received by phone.
Ask the caller to verify legitimacy by sending a confirmation text message from the same phone number before proceeding.
Enable mobile carrier spam-call filtering on all employee devices to automatically block unrecognized numbers.
Configure soft-phones to accept calls only from internal extensions and direct all other calls to voicemail for later review.
Vishing (voice phishing) combines Caller ID spoofing with social engineering to pressure a victim into revealing sensitive information or performing an action such as a password or MFA reset. Caller ID is asserted by the originating party and is not authenticated along most call paths, so a displayed help-desk number proves nothing about who is actually calling. The most effective user-level countermeasure is to train employees to verify any unsolicited support request out of band: hang up and dial the official help-desk number from a trusted source such as the corporate directory, the intranet, or the back of the ID badge. That call-back takes the attacker off the channel, because the spoofed number only controls what the victim sees on an inbound call, not where an outbound call is routed. Asking the caller to send a confirmation text does not establish authenticity, since SMS sender IDs can be spoofed just as Caller ID can, and an attacker who has already spoofed the voice call can do the same with a text. Carrier spam-call filtering reduces nuisance calls but is not designed to stop a targeted call that presents a legitimate-looking corporate number. Sending every non-internal call to voicemail would block legitimate external contacts, including vendors and employees calling from personal devices, and is impractical. Instructing users to perform a trusted call-back therefore gives the best balance of security and usability, and it should be paired with a help-desk policy that never initiates MFA credential resets through unsolicited phone calls.
Exam: ISC2 Systems Security Certified Practitioner (SSCP)
Domain: Security Concepts and Practices