CompTIA Security Plus Mock Test Q260

A user has received an email from an external source which asks for details on the company’s new product line set for release in one month. The user has a detailed spec sheet but it is marked “Internal Proprietary Information”. Which of the following should the user do NEXT?

A. Contact their manager and request guidance on how to best move forward
B. Contact the help desk and/or incident response team to determine next steps
C. Provide the requestor with the email information since it will be released soon anyway
D. Reply back to the requestor to gain their contact information and call them


Correct Answer: B
Section: Compliance and Operational Security

Explanation:
This is an incident that has to be responded to by the person who discovered it- in this case the user. An incident is any attempt to violate a security policy, a successful penetration, a compromise of a system, or any unauthorized access to information. It’s important that an incident response policy establish at least the following items:
Outside agencies that should be contacted or notified in case of an incident Resources used to deal with an incident Procedures to gather and secure evidence List of information that should be collected about an incident Outside experts who can be used to address issues if needed Policies and guidelines regarding how to handle an incident Since the spec sheet has been marked Internal Proprietary Information the user should refer the incident to the incident response team.

Incorrect Answers:
A: The manager may or may not be part of the incident response team.
C: The information has been marked Internal Proprietary Information and providing the information to the requestor would be in violation to the company.
D: You should have the incident response team handle the situation rather than addressing the issue yourself.

References:
Du Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 444-447