nerdexam
CompTIA

SY0-301 · Question #633

Who should be contacted FIRST in the event of a security breach?

The correct answer is C. Incident response team. The incident response team must be contacted first during a security breach to coordinate containment, eradication, and recovery before other stakeholders are engaged.

Security operations

Question

Who should be contacted FIRST in the event of a security breach?

Options

  • AForensics analysis team
  • BInternal auditors
  • CIncident response team
  • DSoftware vendors

How the community answered

(41 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    88% (36)
  • D
    7% (3)

Why each option

The incident response team must be contacted first during a security breach to coordinate containment, eradication, and recovery before other stakeholders are engaged.

AForensics analysis team

Forensic analysts are engaged after the incident response team has secured and scoped the breach, not as the first contact.

BInternal auditors

Internal auditors focus on compliance verification and are not equipped to lead containment of an active security breach.

CIncident response teamCorrect

The incident response team owns the structured process for containing and managing a security breach according to frameworks such as NIST SP 800-61. Contacting them first ensures the breach is properly contained before evidence is disturbed, minimizing damage and preserving forensic integrity. All other roles - forensics, auditors, and vendors - are brought in as directed by the incident response process.

DSoftware vendors

Software vendors may be involved if a product vulnerability is identified, but only after the incident response team has assessed the situation.

Concept tested: Incident response team as first point of contact

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#incident response#breach notification#security procedures#escalation

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice