CS0-003 Question #79: Real Exam Question with Answer & Explanation

Question

Which of the following are the MOST likely reasons lo include reporting processes when updating an incident response plan after a breach? (Select TWO).

Options

• ATo establish a clear chain of command
• BTo meet regulatory requirements for timely reporting
• CTo limit reputation damage caused by the breach
• DTo remediate vulnerabilities that led to the breach
• ETo isolate potential insider threats
• FTo provide secure network design changes

Explanation

Including reporting processes in an incident response plan is critical for establishing a clear chain of command and meeting regulatory requirements for timely reporting.

Common mistakes.

• C. While timely and appropriate reporting can help mitigate reputation damage, this is an outcome, not the primary reason to specifically include the reporting process in the plan, which focuses on compliance and orderly communication.
• D. Remediating vulnerabilities is part of the containment and eradication phases of incident response, a distinct activity from the reporting processes that outline communication protocols.
• E. Isolating potential insider threats is a specific action taken during an incident, not a fundamental reason for the general inclusion of reporting processes within the plan.
• F. Providing secure network design changes is part of the post-incident improvement and lessons learned phase, not directly a reason for including reporting processes within the incident response plan.

Concept tested. Incident response plan - reporting importance

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

No community discussion yet for this question.