Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 105

A security manager received an email from an anomaly detection service, that one of their contractors has downloaded 50 documents from the company's confidential document management folder using a company-owned asset al039-ice-4ce687TL0500. A security manager reviewed the content of downloaded documents and noticed that the data affected is from different departments. What are the actions a security manager should take?

Answer options

• A. Measure confidentiality level of downloaded documents.
• B. Report to the incident response team.
• C. Escalate to contractor's manager.
• D. Communicate with the contractor to identify the motives.

Correct answer: B

Explanation

The correct action is to report to the incident response team, as they are equipped to handle potential security incidents. Measuring the confidentiality level, escalating to the contractor's manager, and communicating with the contractor are not immediate actions to mitigate the risk of a data breach.