CompTIA CySA+ (CS0-003) — Question 347

Which of the following is the appropriate phase in the incident response process to perform a vulnerability scan to determine the effectiveness of corrective actions?

Answer options

• A. Lessons learned
• B. Reporting
• C. Recovery
• D. Root cause analysis

Correct answer: C

Explanation

The correct answer is C, Recovery, as this phase focuses on returning the system to normal operations and includes verifying the effectiveness of the corrective actions taken. The other options do not involve implementing or testing corrective measures, making them unsuitable for this purpose.