SY0-701 Question #589: Real Exam Question with Answer & Explanation

Question

A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data. Which of the following is the next step the company should take?

Options

• AIdentify the attacker's entry methods.
• BReport the breach to the local authorities.
• CNotify the applicable parties of the breach.
• DImplement vulnerability scanning of the company's systems.

Explanation

Notifying applicable parties (C) is the correct next step because once a breach involving proprietary data is confirmed, legal and regulatory obligations require timely notification to affected stakeholders - customers, partners, regulators, or executives - before further investigation work takes over. Identifying the attacker's entry method (A) is important but comes after notifications, as disclosure deadlines are often legally mandated and cannot wait. Reporting to local authorities (B) may eventually be required but is not the immediate next step and depends on the nature of the data; it also falls under the broader notification umbrella, not before it. Vulnerability scanning (D) is a remediation/prevention activity that belongs much later in the response lifecycle.

Memory tip: Think Confirm → Communicate → Contain → Clean up. Once a breach is confirmed, "Communicate" (notify) always comes before hunting the attacker or patching systems.

No community discussion yet for this question.