What should you do if sensitive customer data is accessed from an unknown foreign IP address? Learn why conducting a forensic investigation and notifying the cybersecurity team is the best response—essential for Cisco Certified Support Technician (CCST) Cybersecurity 100-160 exam success.
Table of Contents
Question
A security analyst notices that sensitive customer data has been accessed from an unknown foreign IP address. What is the most appropriate response?
A. Reset the affected user accounts.
B. Conduct a forensic investigation and notify the cybersecurity team.
C. Block all foreign IP addresses from network access.
D. Shut down the network to prevent further attacks.
E. Implement a company-wide password reset.
Answer
B. Conduct a forensic investigation and notify the cybersecurity team.
Explanation
Investigating the breach helps determine its scope and how to prevent future incidents.
The most appropriate response is to conduct a forensic investigation and notify the cybersecurity team.
When sensitive customer data is accessed from an unknown foreign IP, this indicates a potential data breach or unauthorized access. Immediate, coordinated action is required to determine the scope, method, and impact of the incident.
Digital forensics is used to collect and analyze evidence from affected systems, including log files, network activity, and memory, to identify how the breach occurred, what data was accessed, and whether the threat is ongoing.
Notifying the cybersecurity team ensures the incident is escalated to professionals trained in incident response, containment, and remediation. The team can coordinate further steps such as isolating affected systems, blocking malicious IP addresses, and preserving evidence for compliance and legal purposes.
Rushing to reset accounts or block all foreign IPs without investigation may disrupt business operations or destroy important evidence needed for a thorough response and future prevention.
A forensic investigation also supports compliance with legal and regulatory requirements for breach notification and documentation.
This approach enables a thorough understanding of the breach, limits further damage, and ensures compliance with incident response best practices and regulatory obligations.
Cisco Certified Support Technician (CCST) Cybersecurity 100-160 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Cisco Certified Support Technician (CCST) Cybersecurity 100-160 exam and earn Cisco Certified Support Technician (CCST) Cybersecurity 100-160 certification.