CompTIA CySA+ (CS0-003) — Question 336
A security analyst has just received an incident ticket regarding a ransomware attack. Which of the following would most likely help an analyst properly triage the ticket?
Answer options
- A. Incident response plan
- B. Lessons learned
- C. Playbook
- D. Tabletop exercise
Correct answer: C
Explanation
The correct answer is C: a playbook outlines the specific procedures and steps to follow during incidents like ransomware attacks, which helps the analyst triage the ticket efficiently. An incident response plan (A) is useful, but it is more general and may not provide the detailed guidance needed for immediate action. Lessons learned (B) and tabletop exercises (D) are valuable for future preparedness but do not assist in the immediate triage process.