Conducting Forensic Analysis and Incident Response Using Cisco Technologies (CBRFIR) — Question 16

A security team is discussing lessons learned and suggesting process changes after a security breach incident. During the incident, members of the security team failed to report the abnormal system activity due to a high project workload. Additionally, when the incident was identified, the response took six hours due to management being unavailable to provide the approvals needed. Which two steps will prevent these issues from occurring in the future? (Choose two.)

Answer options

• A. Introduce a priority rating for incident response workloads.
• B. Provide phishing awareness training for the fill security team.
• C. Conduct a risk audit of the incident response workflow.
• D. Create an executive team delegation plan.
• E. Automate security alert timeframes with escalation triggers.

Correct answer: A, E

Explanation

Introducing a priority rating for incident response workloads ensures that critical incidents are addressed promptly, even during busy times. Automating security alert timeframes with escalation triggers helps to ensure that incidents are acted upon quickly, reducing delays caused by management unavailability. The other options, while beneficial, do not directly address the specific issues of prioritization and response time that led to the breach.