CompTIA Cloud+ (CV0-004) — Question 53
A security analyst confirms a zero-day vulnerability was exploited by hackers who gained access to confidential customer data and installed ransomware on the server. Which of the following steps should the security analyst take? (Choose two.)
Answer options
- A. Contact the customers to inform them about the data breach
- B. Contact the hackers to negotiate payment to unlock the server
- C. Send a global communication to inform all impacted users
- D. Inform the management and legal teams about the data breach
- E. Delete confidential data used on other servers that might be compromised
- F. Modify the firewall rules to block the IP addresses and update the ports
Correct answer: D, F
Explanation
The correct actions are to inform the management and legal teams (D), which ensures regulatory compliance and a proper response, and to modify the firewall rules (F) to prevent further unauthorized access. Contacting the customers (A) or the hackers (B) is not advisable, and deleting data (E) without a proper investigation could lead to loss of evidence.