CompTIA CySA+ (CS0-002) — Question 94

Which of the following are the MOST likely reasons to include reporting processes when updating an incident response plan after a breach? (Choose two.)

Answer options

• A. To establish a clear chain of command
• B. To meet regulatory requirements for timely reporting
• C. To limit reputation damage caused by the breach
• D. To remediate vulnerabilities that led to the breach
• E. To isolate potential insider threats
• F. To provide secure network design changes

Correct answer: A, B

Explanation

The correct answers, A and B, emphasize the importance of clear communication and compliance with legal obligations after a breach. Options C, D, E, and F, while relevant to incident management, do not specifically address the need for formal reporting processes in the context of updating the incident response plan.