212-82 Question #145: Real Exam Question with Answer & Explanation

Question

You are the lead cybersecurity specialist at a cutting-edge tech organization that specializes In developing artificial intelligence (Al)products for clients across various sectors. Given the sensitivity and proprietary nature of your products, ensuring top-notch security is of paramount importance. Late one evening, you receive an alert from your threat Intelligence platform about potential vulnerabilities In one of the third-party components your Al products heavily rely upon. This component is known to have integration points with several key systems within your organization. Any successful exploitation of this vulnerability could grant attackers unparalleled access to proprietary algorithms and client-specific modifications, which could be catastrophic in the wrong hands. While you are analyzing the threat's details, a member of your team identifies several unusual patterns of data access, suggesting that the vulnerability might already have been exploited. The potential breach's initial footprint suggests a highly sophisticated actor, possibly even a nation- state entity. Given the gravity of the situation and the potential consequences of a full-blown breach, what should be your immediate course of action to address the incident and ensure minimal risk exposure?

Options

• AEngage an external cybersecurity consultancy with expertise in nation-state level threats.
• BDisconnect the potentially compromised systems from the network, archive all logs and related
• CAlert the organization s legal and PR teams, preparing a communication strategy to notify clients
• DInitiate an emergency patching protocol, immediately updating all instances of the vulnerable

Explanation

Upon discovering a critical vulnerability in a third-party component that could lead to catastrophic access, the immediate priority is to contain the threat by disconnecting compromised systems and preserving evidence.

Common mistakes.

• A. Engaging an external cybersecurity consultancy is a valuable step for expert assistance, but it typically follows the initial containment and evidence preservation actions to ensure the immediate threat is mitigated.
• C. Alerting legal and PR teams and preparing communication strategies are important for managing the organizational and reputational impact, but these steps follow the immediate technical containment of the threat to ensure accurate information.
• D. Initiating an emergency patching protocol immediately without first assessing the scope of compromise and ensuring containment could disrupt investigations, destroy forensic evidence, or fail to address existing attacker persistence mechanisms.

Concept tested. Incident response containment and preservation

Reference. learn.microsoft.com/en-us/security/compass/incident-response-technical-guidance#contain-the-incident

No community discussion yet for this question.