CompTIA CySA+ (CS0-002) — Question 269
Which of the following BEST describes what an organization's incident response plan should cover regarding how the organization handles public or private disclosures of an incident?
Answer options
- A. The disclosure section should focus on how to reduce the likelihood customers will leave due to the incident.
- B. The disclosure section should contain the organization's legal and regulatory requirements regarding disclosures.
- C. The disclosure section should include the names and contact information of key employees who are needed for incident resolution.
- D. The disclosure section should contain language explaining how the organization will reduce the likelihood of the incident happening in the future.
Correct answer: B
Explanation
The correct answer is B because an incident response plan must adhere to legal and regulatory obligations, ensuring compliance during disclosures. Options A, C, and D focus on customer retention, personnel details, and future prevention, respectively, rather than the essential legal framework that must be followed during disclosures.