CompTIA CySA+ (CS0-003) — Question 55

An incident response analyst is taking over an investigation from another analyst. The investigation has been going on for the past few days. Which of the following steps is most important during the transition between the two analysts?

Answer options

• A. Identify and discuss the lessons learned with the prior analyst.
• B. Accept all findings and continue to investigate the next item target.
• C. Review the steps that the previous analyst followed.
• D. Validate the root cause from the prior analyst.

Correct answer: C

Explanation

Reviewing the steps taken by the previous analyst is essential to ensure continuity and understanding of the investigation. Accepting all findings without review could lead to oversight of critical details. Identifying lessons learned and validating the root cause are beneficial, but they come after ensuring a complete grasp of prior work.