CompTIA CySA+ (CS0-002) — Question 210

A consumer credit card database was compromised, and multiple representatives are unable to review the appropriate customer information. Which of the following should the cybersecurity analyst do first?

Answer options

• A. Start the containment effort.
• B. Confirm the incident.
• C. Notify local law enforcement officials.
• D. Inform the senior management team.

Correct answer: D

Explanation

The first step in handling a security incident is to inform the senior management team, as they need to be aware of the situation and can provide direction on how to proceed. Starting containment, confirming the incident, or notifying law enforcement are all important steps but should follow after senior management has been informed and involved in the decision-making process.