CERTIFIED-IN-CYBERSECURITY Question #152: Real Exam Question with Answer & Explanation

Question

When an incident occurs, which of the following is NOT a primary responsibility of an organization's incident response team?

Options

• ADetermining whether any confidential information has been compromised over the course of the
• BCommunicating with top management regarding the circumstances of the cybersecurity event
• CDetermining the scope of the damage caused by the incident
• DImplementing the recovery procedures necessary to restore security and recover from any

Explanation

While communicating with senior management about the circumstances of a cybersecurity event is important, it is not a primary responsibility of the incident response team. The response team's primary responsibility is to address the immediate impact of the incident and restore security as quickly as possible. For example, if a data breach occurs, the response team's focus would be on determining the extent of the breach, determining if any confidential information has been compromised, and implementing recovery procedures to restore security and recover from the damage. In fact, when an incident occurs, a response team's primary responsibilities include the following Determine the extent of the damage caused by the incident and the resources required to recover from it; Determine if any confidential information was compromised during the incident; Implementing the recovery procedures necessary to restore security and recover from the damage caused by the incident (including restoring systems, recovering data, and implementing any necessary security controls); Communicating with relevant parties (such as users, customers, and other stakeholders) about the incident and the steps needed to address it. Communication with senior management is typically the responsibility of the incident manager or designated spokesperson, not the incident response team.

No community discussion yet for this question.