CompTIA Security+ (SY0-701) — Question 330

A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data. Which of the following is the next step the company should take?

Answer options

• A. Identify the attacker’s entry methods.
• B. Report the breach to the local authorities.
• C. Notify the applicable parties of the breach.
• D. Implement vulnerability scanning of the company's systems.

Correct answer: C

Explanation

The correct step is to notify the applicable parties of the breach, as they need to be aware of the situation to mitigate potential risks. Identifying the attacker's entry methods and implementing vulnerability scanning are important, but those actions follow after ensuring that affected parties are informed. Reporting to local authorities may be necessary, but it is not the immediate next step in communication with affected stakeholders.