At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company's web servers can be obtained publicly and is not proprietary in any way. The next day the company's website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website.
Which of the following is the FIRST action the company should take?

A. Refer to and follow procedures from the company's incident response plan.

B. Call a press conference to explain that the company has been hacked.

C. Establish chain of custody for all systems to which the systems administrator has access.

D. Conduct a detailed forensic analysis of the compromised system.

E. Inform the communications and marketing department of the attack details.






 

Suggested Answer: A





This question is in CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam
For getting CompTIA Advanced Security Practitioner (CASP+) Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.