🔥 40% Off Crucial Exams Memberships — This Week Only

2 days, 9 hours remaining!
Crucial Exams

ISC2 Systems Security Certified Practitioner (SSCP) Practice Question

During a weekly on-call rotation, a DevOps engineer receives an unsolicited phone call from someone claiming to be from AWS Support. The caller says an urgent breach investigation requires the engineer's current virtual MFA token to validate access. Which action BEST reflects proper security-awareness handling of this social engineering attempt?

  • Provide the MFA code after the caller sends a follow-up email from what appears to be an aws.com address.

  • Immediately hang up and disable the IAM user mentioned by the caller to prevent any possible misuse.

  • Decline to share the MFA code, end the call, and open a new case using the AWS console's official support channels.

  • Request the caller sign a nondisclosure agreement, then share the MFA code once the document is returned.

ISC2 Systems Security Certified Practitioner (SSCP)
Security Concepts and Practices
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot