CompTIA CySA+ (CS0-003) — Question 345
Which of the following best explains the importance of playbooks for incident response teams?
Answer options
- A. Playbooks define compliance controls and help keep the monitoring process that is in place fully aligned with regulatory requirements as designed by international rules.
- B. Playbooks help implement mitigation controls to prevent the occurrence of incidents in accordance with internal policies and procedures as designed by the IT team.
- C. Playbooks set baseline requirements that are implemented before incidents happen to ensure the proper monitoring process in order to collect metrics and KPIs that will be used for lessons-learned procedures after a postmortem analysis.
- D. Playbooks help minimize negative impacts and restore data, systems, and operations through highly detailed, preplanned procedures that will be followed when particular types of incidents occur.
Correct answer: D
Explanation
D is correct because playbooks are highly detailed, preplanned procedures that responders follow when a particular type of incident occurs, which helps minimize negative impacts and restore data, systems, and operations. Options A, B, and C describe compliance controls, preventive mitigation, and pre-incident monitoring baselines, respectively. These are important, but they do not directly address the specific role of playbooks in incident management and recovery.