CompTIA CySA+ (CS0-003) — Question 514

Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?

Answer options

• A. Develop a call tree to inform impacted users
• B. Schedule a review with all teams to discuss what occurred
• C. Create an executive summary to update company leadership
• D. Review regulatory compliance with public relations for official notification

Correct answer: B

Explanation

The correct answer is B because conducting a review with all teams allows for a comprehensive analysis of the incident, facilitating learning and improvement in future responses. The other options, while beneficial in their own right, do not directly contribute to enhancing the incident response process as effectively as a collaborative review would.