CompTIA Security+ (SY0-501) — Question 186
While investigating a virus infection, a security analyst discovered the following on an employee laptop:
- Multiple folders containing a large number of newly released movies and music files
- Proprietary company data
- A large amount of PHI data
- Unapproved FTP software
- Documents that appear to belong to a competitor
Which of the following should the analyst do FIRST?
Answer options
- A. Contact the legal and compliance department for guidance
- B. Delete the files, remove the FTP software, and notify management
- C. Back up the files and return the device to the user
- D. Wipe and reimage the device
Correct answer: A
Explanation
The correct action is to contact the legal and compliance department for guidance since the presence of proprietary information, PHI data, and competitor documents raises serious legal implications. Deleting files or wiping the device could compromise potential evidence in an investigation, while backing up and returning the device does not address the legal concerns.