CompTIA CySA+ (CS0-001) — Question 189

During a tabletop exercise, it is determined that a security analyst is required to ensure patching and scan reports are available during an incident, as well as documentation of all critical systems. To which of the following stakeholders should the analyst provide the reports?

Answer options

• A. Management
• B. Affected vendors
• C. Security operations
• D. Legal

Correct answer: A

Explanation

The correct answer is A, Management, because they need to be informed about the status and security posture of the organization during an incident. Affected vendors, Security operations, and Legal may require certain information but are not the primary stakeholders responsible for oversight and decision-making in such situations.