A security analyst provides the management team with an after-action report for a security incident. Which of the following is the management team most likely to review in order to correct validated issues with the incident response processes?
The lessons learned phase is a formal step in the incident response process where teams review what went wrong, what worked, and how to improve future responses. Management uses this to adjust policies, procedures, and controls based on real incident experiences.
Tabletop (A) is a simulated discussion, not post-incident.
Root cause analysis (C) finds technical origins but doesn’t focus on process improvement.
Forensics (D) supports investigation but not process revision.
Reference:
CS0-003 Domain 3.0 – Post-Incident Activities
Chapple & Seidl – Study Guide, Chapter 11: Containment and Recovery