CompTIA CySA+ (CS0-003) — Question 412

A spillage incident results in the access of controlled information across multiple unauthorized business units. Which of the following response techniques should be implemented first?

Answer options

• A. Analysis and triage
• B. Containment and isolation
• C. Evidence and legal hold
• D. Escalation and monitoring

Correct answer: B

Explanation

The primary focus should be on containment and isolation to prevent further unauthorized access to the sensitive information. While analysis and triage, evidence and legal hold, and escalation and monitoring are important, they come after ensuring that the data leak is contained and that no additional exposure occurs.