CompTIA CySA+ (CS0-001) — Question 214

Law enforcement has contacted a corporation's legal counsel because correlated data from a breach shows the organization as the common denominator from all indicators of compromise. An employee overhears the conversation between legal counsel and law enforcement, and then posts a comment about it on social media. The media then starts contacting other employees about the breach. Which of the following steps should be taken to prevent further disclosure of information about the breach?

Answer options

• A. Perform security awareness training about incident communication.
• B. Request all employees verbally commit to an NDA about the breach.
• C. Temporarily disable employee access to social media
• D. Have law enforcement meet with employees.

Correct answer: A

Explanation

The correct answer is A because conducting security awareness training about incident communication helps educate employees on the importance of confidentiality during incidents. Options B and C are reactive measures that may not effectively address the underlying issue of awareness. Option D does not prevent further disclosures and could potentially increase exposure if employees feel pressured to discuss the matter.