A security analyst has received information from a third-party intelligence-sharing resource that indicates employee accounts were breached.
Which of the following is the NEXT step the analyst should take to address the issue?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
If a security analyst has received information from a third-party intelligence-sharing resource that indicates employee accounts were breached, the NEXT step the analyst should take to address the issue is to force a password reset for the impacted employees and revoke any tokens, which is option B.
The reason for this is that a breached employee account could provide an attacker with access to sensitive systems or data. Changing the password and revoking any tokens associated with the impacted employee accounts will help to prevent further unauthorized access using compromised credentials.
Option A, which suggests auditing access permissions for all employees to ensure least privilege, could be a good measure to implement in the long term, but it may not be the most urgent next step to take in response to a breach.
Option C, which suggests configuring SSO to prevent passwords from going outside the local network, is not relevant to the current issue of a breached employee account.
Option D, which suggests setting up privileged access management to ensure auditing is enabled, could also be a good measure to implement in the long term, but it may not be the most urgent next step to take in response to a breach.