CompTIA CySA+ (CS0-003) — Question 519

Which of the following is an important aspect that should be included in the lessons-learned step after an incident?

Answer options

• A. Identify any improvements or changes in the incident response plan or procedures
• B. Determine if an internal mistake was made and who did it so they do not repeat the error
• C. Present all legal evidence collected and turn it over to iaw enforcement
• D. Discuss the financial impact of the incident to determine if security controls are well spent

Correct answer: A

Explanation

The correct answer, A, focuses on improving the incident response plan, which is crucial for enhancing future responses. Option B, while important, centers on assigning blame rather than systemic improvement. Option C addresses legal aspects, which, though necessary, do not contribute to learning from the incident. Option D discusses financial implications but does not directly relate to refining response procedures.