CompTIA
SY0-301 · Question #633
SY0-301 Question #633: Real Exam Question with Answer & Explanation
The correct answer is C: Incident response team.
Question
Who should be contacted FIRST in the event of a security breach?
Options
- A. Forensics analysis team
- B. Internal auditors
- C. Incident response team
- D. Software vendors
Explanation
The incident response team must be contacted first during a security breach to coordinate containment, eradication, and recovery before other stakeholders are engaged.
Common mistakes.
- A. Forensic analysts are engaged after the incident response team has secured and scoped the breach, not as the first contact.
- B. Internal auditors focus on compliance verification and are not equipped to lead containment of an active security breach.
- D. Software vendors may be involved if a product vulnerability is identified, but only after the incident response team has assessed the situation.
Concept tested. Incident response team as first point of contact
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf