How should a suspected compromised user account be handled in the BCC?

Prepare for the BMO Block 3 Battle Control Center (BCC) Test. Tackle questions with explanations and get ready for your exam with tailored quizzes and exam formats. Enhance your skills and confidence!

Multiple Choice

How should a suspected compromised user account be handled in the BCC?

Explanation:

When a user account is suspected to be compromised in the BCC, respond with rapid containment and formal incident handling. The goal is to stop the attacker from acting, preserve evidence, and start a structured investigation so you can understand the scope and prevent recurrence.

Immediate suspension of access is essential because it cuts off the attacker’s ability to operate within the system. A password reset helps ensure that even if credentials were obtained, they cannot be reused to regain entry. Incident escalation brings in the appropriate security and incident response teams to coordinate containment, communication, and next steps, ensuring the response follows proper procedures and timelines. Forensic log review is crucial to reconstruct what happened: when the compromise began, which systems were accessed, what actions were taken, and what data may have been involved. This evidence guides containment, remediation, and any breach notification requirements.

Other approaches don’t provide adequate containment or evidence collection. Continuing to use the account with monitoring leaves the system exposed to ongoing harm. Informing the user but leaving the access unchanged leaves an immediate risk unaddressed and relies on the user’s judgment. Rotating staff but maintaining access doesn’t address the compromised credentials and can introduce coordination challenges and further risk.
