CompTIA CySA+ (CS0-003) — Question 306

A security analyst provides the management team with an after-action report for a security incident. Which of the following is the management team most likely to review in order to correct validated issues with the incident response processes?

Answer options

A. Tabletop exercise
B. Lessons learned
C. Root cause analysis
D. Forensic analysis

Correct answer: B

Explanation

The correct answer is B, as 'Lessons learned' involves reviewing and understanding the shortcomings identified during the incident to improve future responses. While 'Root cause analysis' (C) helps identify the underlying issues, it is the lessons learned that directly inform the changes needed in the incident response processes. 'Tabletop exercise' (A) and 'Forensic analysis' (D) are useful for training and investigation, respectively, but do not specifically focus on correcting validated issues.