Question 9

Question

An engineer returned to work and realized that payments that were received over the weekend were
sent to the wrong recipient. The engineer discovered that the SaaS tool that processes these
payments was down over the weekend. Which step should the engineer take first?

Accepted Answer

Utilize the SaaS tool team to gather more information on the potential breach

Nina · Answer

If payments were intentionally tampered with, B might be first since that's a confirmed incident. Otherwise A.

Karan T. · Answer

Definitely start with A here. Need to confirm what happened with the SaaS tool before moving forward, since not every issue is a security breach. Pretty sure that's the safest first move, at least from other exam threads I've read.

Ravi K. · Answer

D imo makes sense if the focus was on fixing payments quickly, but since it's asking what to do first, A fits better because you need to figure out what happened before jumping to manual fixes. Is there a specific company policy that prioritizes incident escalation over initial investigation?

DirectTester1186 · Answer

Shouldn't we clarify exactly what caused the payment misdirection before alerting IR? If the SaaS tool was down and it's not confirmed as a breach, jumping straight to B seems premature. Anyone else think gathering info from the SaaS team (A) makes more sense as a first step?

QuietDev705 · Answer

A is right here, not B. You need to get info from the SaaS team before escalating this as a breach.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE