CompTIA CySA+ (CS0-002) — Question 343
A help desk technician inadvertently sent the credentials of the company's CRM in cleartext to an employee's personal email account. The technician then reset the employee's account using the appropriate process and the employee's corporate email, and notified the security team of the incident. According to the incident response procedure, which of the following should the security team do NEXT?
Answer options
- A. Contact the CRM vendor.
- B. Prepare an incident summary report.
- C. Perform postmortem data correlation.
- D. Update the incident response plan.
Correct answer: B
Explanation
The correct answer is B because preparing an incident summary report is a critical step in documenting what occurred and what actions were taken. Contacting the CRM vendor, performing postmortem data correlation, and updating the incident response plan may be important, but they are not the immediate next step in the response procedure.