Exam CS0-003 Topic 1 Question 268 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 268
Topic #: 1
A security analyst provides the management team with an after-action report for a security incident. Which of the following is the management team most likely to review in order to correct validated issues with the incident response processes?

Suggested Answer: B Vote an answer

The lessons learned phase is a formal step in the incident response process where teams review what went wrong, what worked, and how to improve future responses. Management uses this to adjust policies, procedures, and controls based on real incident experiences.
Tabletop (A) is a simulated discussion, not post-incident.
Root cause analysis (C) finds technical origins but doesn't focus on process improvement.
Forensics (D) supports investigation but not process revision.
Reference:
CS0-003 Domain 3.0 - Post-Incident Activities
Chapple & Seidl - Study Guide, Chapter 11: Containment and Recovery

by Deirdre at May 30, 2025, 07:57 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10