CompTIA CySA+ (CS0-003) — Question 241

Following an attack, an analyst needs to provide a summary of the event to the Chief Information Security Officer. The summary needs to include the who-what-when information and evaluate the effectiveness of the plans in place. Which of the following incident management life cycle processes does this describe?

Answer options

• A. Business continuity plan
• B. Lessons learned
• C. Forensic analysis
• D. Incident response plan

Correct answer: B

Explanation

The correct answer is B, Lessons learned, because this process focuses on analyzing the incident to improve future responses and evaluate the effectiveness of existing strategies. Options A, C, and D do not specifically address the retrospective evaluation and learning aspect that is essential in refining incident management processes.