Exam CS0-003 Topic 1 Question 268 Discussion
Actual exam question for CompTIA's CS0-003 exam
Question #: 268
Topic #: 1
Question #: 268
Topic #: 1
A security analyst provides the management team with an after-action report for a security incident. Which of the following is the management team most likely to review in order to correct validated issues with the incident response processes?
Suggested Answer: B Vote an answer
The lessons learned phase is a formal step in the incident response process where teams review what went wrong, what worked, and how to improve future responses. Management uses this to adjust policies, procedures, and controls based on real incident experiences.
Tabletop (A) is a simulated discussion, not post-incident.
Root cause analysis (C) finds technical origins but doesn't focus on process improvement.
Forensics (D) supports investigation but not process revision.
Reference:
CS0-003 Domain 3.0 - Post-Incident Activities
Chapple & Seidl - Study Guide, Chapter 11: Containment and Recovery
Tabletop (A) is a simulated discussion, not post-incident.
Root cause analysis (C) finds technical origins but doesn't focus on process improvement.
Forensics (D) supports investigation but not process revision.
Reference:
CS0-003 Domain 3.0 - Post-Incident Activities
Chapple & Seidl - Study Guide, Chapter 11: Containment and Recovery
by Deirdre at May 30, 2025, 07:57 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).