Q: 6
During an incident, analysts need to rapidly investigate by the investigation and leadership teams.
Which of the following best describes how PII should be safeguarded during an incident?
Options
Discussion
B . Most exam guides and official practice tests stress using a mix of encryption and strict permissions for handling PII during incidents. Limiting access is classic least privilege, so B covers it. Anyone see issues here?
B. Had something like this in a mock exam, and the combo of restricting team permissions plus encryption covers both technical and procedural controls. Limits who can access PII while also protecting data at rest. Pretty sure that's what they're going for here.
B not A. A skips least privilege, which CompTIA loves for PII. Anyone see this asked a different way?
Its B, combining encryption and least privilege matches best practices for PII during incidents. The others only do part of the job. Pretty sure that's what CySA+ expects, but open to debate if there's a twist I missed.
Honestly feels like B fits best since it covers both limiting permissions (least privilege) and encryption during the investigation. Not 100 percent sure if C could make sense for data lifecycle, but here B looks right.
B is the right pick here. Limiting permissions plus encryption covers both admin and technical controls for PII, which lines up with least privilege practices during an incident. Not fully sure if anyone disagrees but that's how I've seen it on similar practice sets.
B, seen similar Q on practice tests and it's always about least privilege plus encryption for PII.
Its B, official guide and practice questions both emphasize limiting permissions and encryption for PII during incidents.
B
B . Option A misses least privilege, and C is more about lifecycle than incident response access control.
Be respectful. No spam.
