SY0-701 Exam Dumps : CompTIA Security+ Exam 2026

The key phrase is “ensure that incidents receive the correct level of attention and response.” In operations, that aligns most directly with escalation—moving high-severity or time-sensitive incidents to the right people/teams quickly and consistently, according to predefined criteria (severity, impacted systems, threat intel enrichment, SLA timers). The Study Guide lists ticketing and escalation explicitly as automation use cases: “Ticket creation: Automation can streamline the ticketing process, enabling immediate creation and routing of issues to the right teams.” and, crucially for this question, “Escalation: In case of a major incident, scripts can automate the escalation process, alerting key personnel quickly.”

While automation can also handle notification and ticket creation, escalation is the control that most directly enforces that the incident gets the proper priority and response path (for example: paging on-call, invoking the IR lead, opening a bridge, and applying “major incident” workflows). Closure is typically less suitable because it often requires validation and human judgment to ensure containment, eradication, and recovery steps are complete.

This scenario describes a bug bounty program, which invites external security researchers to responsibly identify and report vulnerabilities in an organization’s systems. CompTIA Security+ SY0-701 defines bug bounty programs as structured initiatives that reward researchers for discovering and disclosing security flaws before they can be exploited by malicious actors.

Bug bounty programs extend security testing beyond internal teams and provide continuous, real-world testing of public-facing assets. They are particularly effective for identifying zero-day vulnerabilities, logic flaws, and edge-case issues that automated tools may miss.

Red teaming (B) is a controlled, internal or contracted adversarial exercise, not an open invitation. Open-source intelligence (C) involves gathering publicly available information, not vulnerability reporting. Third-party information sharing (D) refers to sharing threat intelligence, not soliciting vulnerability reports.

Because the CISO is inviting the broader security community to report vulnerabilities, the correct answer is A: Bug bounty.