CompTIA CySA+ (CS0-001) — Question 250

The business has been informed of a suspected breach of customer data. The internal audit team, in conjunction with the legal department, has begun working with the cybersecurity team to validate the report. To which of the following response processes should the business adhere during the investigation?

Answer options

• A. The security analysts should not respond to internal audit requests during an active investigation
• B. The security analysts should report the suspected breach to regulators when an incident occurs
• C. The security analysts should interview system operators and report their findings to the internal auditors
• D. The security analysts should limit communication to trusted parties conducting the investigation

Correct answer: D

Explanation

The correct answer is D because maintaining communication only with trusted individuals helps protect sensitive information during the investigation. Option A is incorrect as collaboration can be crucial for understanding the situation. Option B is also wrong since reporting to regulators typically happens after internal validation. Option C is not the best choice as interviewing system operators might compromise the integrity of the investigation.