CompTIA Security Plus Mock Test Q310

The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?

A. Business Impact Analysis
B. First Responder
C. Damage and Loss Control
D. Contingency Planning

Correct Answer: B
Section: Compliance and Operational Security

Explanation:
Incident response procedures involve: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recovery/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. In this scenario the security officer is carrying out an incident response measure that will benefit those in the vanguard, i.e. the employees, who are the first responders.

Incorrect Answers:
A: A business impact analysis (BIA) is concerned with evaluating processes in terms of the likelihood of a loss. A business impact analysis is an integral part of business continuity planning, a management tool that ensures that critical business functions can be performed when normal business operations are disrupted. In this case the question refers to a process within the incident response plan being carried out by an incident response team member.
C: Damage and loss control is critical, but a security officer arming employees (those in the vanguard) with tools to mitigate risk when they encounter an incident seems more like a first responder phase in incident response procedures.
D: Contingency planning is not normally part of an incident response policy.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 429, 432