Question 6 - CompTIA (CYSA+) Analyst+ CS0-003 Real Exam Questions [Jan 2026 Update]

Q: 6

During an incident, analysts need to rapidly investigate by the investigation and leadership teams. Which of the following best describes how PII should be safeguarded during an incident?

Options

Correct Answer:

Explanation

The most effective method for safeguarding Personally Identifiable Information (PII) during an incident investigation is to combine technical controls with administrative controls. Encrypting the data (a technical control) protects it from unauthorized access if the storage medium is compromised. Simultaneously, limiting permissions within the investigation team (an administrative control) adheres to the principle of least privilege, ensuring that only authorized personnel with a direct need-to-know can access the sensitive data. This dual approach minimizes the risk of accidental exposure or insider threats while still enabling the investigation to proceed.

Why Incorrect

A. "Close the data so only the company has access" is overly broad and insecure, as it does not implement the principle of least privilege within the organization.

C. Creating a data deletion procedure is a crucial part of data lifecycle management but is not the most immediate or primary action for safeguarding data during an active incident.

D. "Permissions are open only to the company" is not a security control; it implies a lack of internal access controls and violates the principle of least privilege.

---

References

1. National Institute of Standards and Technology (NIST) Special Publication 800-122

Guide to Protecting the Confidentiality of Personally Identifiable Information (PII).

Section 4.4

"Restrict PII Access

" states

"Organizations should restrict access to PII to only those individuals who have a need to know... This is often referred to as the principle of least privilege." (Page 29).

Section 4.5

"Protect PII at Rest and in Transit

" recommends

"Organizations should consider using encryption to protect the confidentiality of PII... PII should be encrypted when it is stored (at rest)..." (Page 30). This directly supports combining limited permissions and encryption.

2. National Institute of Standards and Technology (NIST) Special Publication 800-61 Rev. 2

Computer Security Incident Handling Guide.

Section 3.2.5

"Handling

" discusses the importance of protecting evidence and sensitive data during an investigation. It states

"Handling of data should be performed according to the policies and procedures that were established in the preparation phase... This includes... protecting sensitive information." (Page 31). This implies that pre-defined controls like access limitation and encryption should be applied.

3. MIT OpenCourseWare

6.858 Computer Systems Security

Fall 2014.

Lecture 1

"Introduction; Threat models

" introduces the core security principles of confidentiality

integrity

and availability. The lecture materials emphasize that confidentiality is often enforced through a combination of access control mechanisms and encryption

which aligns directly with the correct answer. (Available at ocw.mit.edu).

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE