Exam ISO-IEC-27035-Lead-Incident-Manager Topic 3 Question 50 Discussion

Actual exam question for PECB's ISO-IEC-27035-Lead-Incident-Manager exam
Question #: 50
Topic #: 3
What is a key activity in the response phase of information security incident management?

Suggested Answer: A Vote an answer

Comprehensive and Detailed Explanation From Exact Extract:
During the response phase, one of the most critical activities-according to ISO/IEC 27035-1 and 27035-2- is the documentation of actions, decisions, and results. Clause 6.4.6 of ISO/IEC 27035-1 emphasizes that all activities must be logged to support post-incident analysis, audit trails, and lessons learned. This ensures that:
Accountability is maintained
Decisions can be reviewed
Investigations are legally sound (especially in regulated environments) While restoring systems (Option C) typically occurs in the recovery phase, logging activities and outcomes is essential during the actual response. Change control processes (Option B) are supporting functions but are not core to the immediate response phase.
Reference:
ISO/IEC 27035-1:2016, Clause 6.4.6: "All incident response actions and decisions should be recorded to enable traceability and facilitate future improvement." Correct answer: A
-

by Humphrey at Mar 16, 2026, 01:26 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10