CompTIA CASP+ (CAS-004) — Question 316

A multinational organization was hacked, and the incident response team’s timely action prevented a major disaster. Following the event, the team created an after action report. Which of the following is the primary goal of an after action review?

Answer options

• A. To gather evidence for subsequent legal action
• B. To determine the identity of the attacker
• C. To identify ways to improve the response process
• D. To create a plan of action and milestones

Correct answer: C

Explanation

The correct answer is C because the primary purpose of an after action review is to evaluate the response and identify improvements for future incidents. Options A and B focus on legal aspects and identifying attackers, which are not the core aims of the review process. Option D, while related to planning, does not capture the essence of improving response strategies.