CompTIA CASP+ (CAS-004) — Question 514

After a security breach, an incident response team schedules a session with various stakeholders to discuss the results of the findings and explore ways to prevent similar incidents from reoccurring. Which of the following describes this step in the incident response process?

Answer options

• A. Lessons learned
• B. Containment
• C. Business impact analysis
• D. Tabletop exercise

Correct answer: A

Explanation

The correct answer is 'Lessons learned' as this phase focuses on reviewing the incident and identifying improvements for the future. 'Containment' refers to the actions taken to limit the damage, while 'Business impact analysis' assesses the effects of disruptions on business operations. 'Tabletop exercise' is a simulation to test responses, not a review of past incidents.