Exam CS0-002 topic 1 question 243 discussion

A. To establish a clear chain of command B. To meet regulatory requirements for timely reporting A. To establish a clear chain of command is important because it ensures that the individuals involved in the incident response process understand their roles and responsibilities and can work together effectively to contain the incident and minimize damage. B. To meet regulatory requirements for timely reporting is important because it ensures that the incident is communicated to the appropriate individuals and organizations in a timely manner, which can help to meet regulatory requirements and limit reputation damage.

Was on my exam. B and C for sure

Same as #422, except answer A is different. Upon further review, changing my vote to B&C after pulling this excerpt for the official CompTIA book: Why is it necessary to include marketing stakeholders in the incident response process? Data breaches can cause lasting reputational damage, so communicating failures sensitively to the media and the wider public and protecting the company's brand is important.

The two MOST likely reasons to include reporting processes when updating an incident response plan after a breach are: B. To meet regulatory requirements for timely reporting: Many industries and jurisdictions have specific regulations and legal requirements regarding the reporting of security breaches. Including reporting processes in the incident response plan ensures that the organization complies with these requirements, avoiding potential legal and regulatory consequences. C. To limit reputation damage caused by the breach: Reporting the breach promptly and effectively can help mitigate the potential damage to an organization's reputation. By having well-defined reporting processes in the incident response plan, the organization can respond quickly, communicate transparently with stakeholders, and demonstrate their commitment to addressing the breach. (chatGPT)

B and E is correct. Now, CD&F have nothing to do with reporting procedures. A is misleading. People vote for that one thinking it means "chain of custody", but it's referring to chain of command. "Britannica Dictionary definition of CHAIN OF COMMAND. [count] : a series of positions of authority or rank within an organization that are ordered from lowest to highest" The chain of command in a company refers to the different levels of command within the organization. Here we are talking about why reporting processes help in post-incident scenarios. If we know who we have reported to, we know at what phases we have included what people, which mean we are able to isolate potential insider threats.

REPORTING PROCESSES - It can only be A&B, all done in the first phase of incident response (Preparation) https://www.securitymetrics.com/blog/6-phases-incident-response-plan Please, if you are just going to say an answer without any backup of your reasons, remain silent.

No other responses have anything much to do with reporting.

"updating an incident response plan after a breach" Surely that is a compensatory change and so D is one of them....

I'm with trojan on this...answer should be AB.

This question is asking specifically about "reporting processes" so the only options dealing with reporting processes are A and F.

AF all the way

Changing my answer to AF.

DF sounds about right