Exam SK0-005 topic 1 question 144 discussion

Actual exam question from CompTIA's SK0-005
Question #: 144
Topic #: 1

Which of the following are measures that should be taken when a data breach occurs? (Choose two.)

  • A. Restore the data from backup.
  • B. Disclose the incident.
  • C. Disable unnecessary ports.
  • D. Run an antivirus scan.
  • E. Identify the exploited vulnerability.
  • F. Move the data to a different location.
Suggested Answer: BE
Community vote distribution
BE (75%)
CE (25%)

Comments

surfuganda
6 months, 2 weeks ago
Selected Answer: BE
B. Disclose the incident. E. Identify the exploited vulnerability.
upvoted 1 times
...
error77
7 months, 2 weeks ago
Selected Answer: BE
C is wrong - vulnerability may come from a necessary port.
upvoted 1 times
...
gingasaurusrex
1 year, 5 months ago
Selected Answer: BE
B. Disclose the incident. E. Identify the exploited vulnerability. When a data breach occurs, two important measures that should be taken are to disclose the incident and identify the exploited vulnerability. Disclosing the incident is important for transparency and to allow affected individuals to take steps to protect themselves. Identifying the exploited vulnerability can help to prevent future breaches and strengthen security measures. Restoring the data from backup may be necessary if the data was lost or corrupted during the breach, but it is not a measure that should be taken in all cases. Disabling unnecessary ports, running an antivirus scan, and moving the data to a different location may be necessary steps to prevent further damage or to secure the environment, but they are not measures that should be taken immediately following a data breach.
upvoted 1 times
...
Pongsathorn
1 year, 10 months ago
Selected Answer: BE
Answer should be B and E. Regarding CompTIA Server+ SK0-005 Objective. Objective 3.4 Explain data security risks and mitigation strategies. It's obvious they mentioned "identification" and "disclosure".
upvoted 1 times
Pongsathorn
1 year, 10 months ago
IDENTIFICATION
First, the organization must know when it has been breached. It might surprise you to know that in many cases organizations don't even know that a breach has occurred for weeks or months! Identifying breaches involves deep inspection of log files by experienced technicians to identify that data loss has occurred.

DISCLOSURE
In many highly regulated industries, organizations are required by regulation or law to notify any users whose data has been disclosed. For example, in the healthcare field, the HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA-covered entities and their business associates to provide notification following a breach of unsecured protected health information (PHI). As another example, all 50 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands have enacted legislation requiring private or governmental entities to notify individuals of security breaches of information involving personally identifiable information (PII).
upvoted 1 times
...
...
nixonbii
1 year, 11 months ago
Selected Answer: BE
The Department of Justice takes a very dim view towards those who lose customers' personal information and then wait to tell the authorities. I don't care if this one gets marked wrong on the exam, if I ever find myself in the middle of such a situation, I'm going to sing like a bird.
upvoted 2 times
...
Timock
2 years ago
Selected Answer: CE
Restoring from backup is unnecessary here as we don't know what exactly the breach affected.
Disclose incident is AFTER all other steps have been taken. The question states WHEN a data breach occurs.
Move the data to another location ... same issue. What data. Breach scope needs to be identified.
Identify the exploited vulnerability -- definitely
Disable ports and running antivirus scan between these two... antivirus should already have been running and this wasn't exactly a virus. So disable unnecessary ports is the only other option that makes any sense. Although this should have been done before this point.
What should happen is that you remove the affected systems from the network but do NOT shut them off.
https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
upvoted 2 times
...