CompTIA CySA+ (CS0-001) — Question 56

A security analyst notices PII has been copied from the customer database to an anonymous FTP server in the DMZ. Firewall logs indicate the customer database has not been accessed from anonymous FTP server. Which of the following departments should make a decision about pursuing further investigation? (Choose two.)

Answer options

• A. Human resources
• B. Public relations
• C. Legal
• D. Executive management
• E. IT management

Correct answer: D

Explanation

The decision to investigate further in cases of data breaches often falls to Executive management, as they have the authority to allocate resources and make strategic decisions. While other departments may have roles in handling the aftermath, they do not typically have the authority to pursue investigations directly.