CompTIA CySA+ (CS0-001) — Question 76

A security analyst with an international response team is working to isolate a worldwide distribution of ransomware. The analyst is working with international governing bodies to distribute advanced intrusion detection routines for this variant of ransomware. Which of the following is the MOST important step with which the security analyst should comply?

Answer options

• A. Security operations privacy law
• B. Export restrictions
• C. Non-disclosure agreements
• D. Incident response forms

Correct answer: D

Explanation

The correct answer is D, as incident response forms are essential for documenting the actions taken during a security incident, ensuring compliance and facilitating communication among involved parties. The other options, while important, do not directly pertain to the immediate actions required during a ransomware incident response.