Sandeep wants to address the potential for impersonation attacks against her helpdesk. What technique is most likely to prevent impersonation attacks from being successful with her support staff?

Requiring callers to validate their identity using non-public information can help to prevent impersonation attacks. Not publishing a support number externally means that internal users will still have it and that it can be leaked or found. Requiring users to provide a callback number only works if business numbers are used, and this tends to prevent support from being effective for traveling users and others who may not be at a desk or able to use a soft phone due to technology issues. User awareness training won't protect the help desk staff from making mistakes.