Question

A breach was caused by an insider threat in which customer PII was compromised. Following the breach, a lead security analyst is asked to determine which vulnerabilities the attacker used to access company resources.

Which of the following should the analyst use to remediate the vulnerabilities?

A. Protocol analyzer
B. Root cause analysis
C. Behavioral analytics
D. Data leak prevention

Answer 1

To remediate the vulnerabilities after a data breach in which customer PII was compromised, a lead security analyst should use Root Cause Analysis.

Step-by-step explanation:

When addressing the problem of a data breach caused by an insider threat in which customer Personally Identifiable Information (PII) was compromised, the lead security analyst should consider using Root Cause Analysis (RCA) to remediate the vulnerabilities.

RCA is a methodology focused on identifying the fundamental causes of issues. In contrast to merely dealing with symptoms, RCA provides a deeper investigation into the series of events or conditions that led to the undesirable outcome, enabling more efficient and targeted remediation strategies.

Behavioral analytics could help in identifying unusual activities that indicate a potential threat, and Data Leak Prevention (DLP) mechanisms are more preventative, designed to protect data from exfiltration rather than investigate an existing breach.