CompTIA CySA+ (CS0-003) — Question 177

After an incident, a security analyst needs to perform a forensic analysis to report complete information to a company stakeholder. Which of the following is most likely the goal of the forensic analysis in this case?

Answer options

• A. Provide a full picture of the existing risks.
• B. Notify law enforcement of the incident.
• C. Further contain the incident.
• D. Determine root cause information.

Correct answer: D

Explanation

The correct answer is D, as determining the root cause is essential for understanding how the incident occurred and preventing future occurrences. Options A and C focus on risk assessment and containment, which are important but not the primary goal of forensic analysis. Option B is relevant but pertains to legal obligations rather than the analytical goal of understanding the incident.