CompTIA CySA+ (CS0-003) — Question 16

A security team conducts a lessons-learned meeting after struggling to determine who should conduct the next steps following a security event. Which of the following should the team create to address this issue?

Answer options

• A. Service-level agreement
• B. Change management plan
• C. Incident response plan
• D. Memorandum of understanding

Correct answer: C

Explanation

The correct answer is C, the Incident response plan, as it outlines the procedures and responsibilities for responding to security events. The other options, such as Service-level agreement and Memorandum of understanding, focus on different aspects of service delivery and collaboration, while a Change management plan deals with modifications in the IT environment rather than incident management.