{{Question01}}
Correct Answers:
A: Confirm scope and type of the data breached (e.g. quantity, from which systems)
B: Understand if any system tests and analysis have been performed to ensure the breach is still not ongoing.
C: Status on any breach notification process to users (mandated in some jurisdications, CCPA, GDPR, HIPAA)
All this information should be collected when first meeting with management.