CompTIA CySA+ (CS0-002) — Question 319

Which of the following are the most likely reasons to include reporting processes when updating an incident response plan after a breach? (Choose two.)

Answer options

• A. To use the SLA to determine when to deliver the report
• B. To meet regulatory requirements for timely reporting
• C. To limit reputation damage caused by the breach
• D. To remediate vulnerabilities that led to the breach
• E. To isolate potential insider threats
• F. To provide secure network design changes

Correct answer: B, C

Explanation

Incorporating reporting processes is essential to meet regulatory requirements for timely reporting (B), which helps organizations comply with laws. Furthermore, limiting reputation damage caused by the breach (C) is crucial for maintaining trust and credibility with stakeholders. The other options, while important, do not directly relate to the immediate need for reporting after a breach.