🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional29 / 124
Question 29 of 124
During an active incident, a cloud SOC analyst confirms that customer PII stored in a multi-tenant SaaS database was accessed by an unauthorized party. The incident response plan is in the containment phase, and regulatory breach-notification clocks may soon start. The analyst wants to alert affected customers immediately via a mass email to demonstrate transparency. According to sound incident management and stakeholder communication practice, what should the analyst do FIRST?
Reviewed for accuracy · Report an issueNext question