Cisco

350-201 · Question #61

350-201 Question #61: Real Exam Question with Answer & Explanation

The correct answer is C: Turn off all access to the patient portal to secure patient records. When PII is actively being disclosed in real-time, immediate containment by disabling the affected system is the first priority to stop ongoing harm.

Processes

Question

A patient views information that is not theirs when they sign in to the hospital's online portal. The patient calls the support center at the hospital but continues to be put on hold because other patients are experiencing the same issue. An incident has been declared, and an engineer is now on the incident bridge as the CyberOps Tier 3 Analyst. There is a concern about the disclosure of PII occurring in real-time. What is the first step the analyst should take to address this incident?

Options

  • A. Evaluate visibility tools to determine if external access resulted in tampering
  • B. Contact the third-party handling provider to respond to the incident as critical
  • C. Turn off all access to the patient portal to secure patient records
  • D. Review system and application logs to identify errors in the portal code

Explanation

When PII is actively being disclosed in real-time, immediate containment by disabling the affected system is the first priority to stop ongoing harm.

Common mistakes.

  • A. Evaluating visibility tools to check for tampering is an investigative step that should follow containment; continuing to run a compromised portal while investigating prolongs the active PII exposure.
  • B. Contacting a third-party handler may be a required step but is not the first action, since active data exposure must be stopped before escalation and coordination activities begin.
  • D. Reviewing logs to find code errors is a root-cause analysis activity that belongs after containment, as it does not stop the ongoing unauthorized disclosure of patient records.

Concept tested. Incident containment to stop active PII disclosure

Reference. https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/index.html

Topics

#incident response, #PII protection, #containment, #data breach
