CompTIA Security+ (SY0-501) — Question 400

After a security incident, management is meeting with involved employees to document the incident and its aftermath.
Which of the following BEST describes this phase of the incident response process?

Answer options

• A. Lessons learned
• B. Recovery
• C. Identification
• D. Preparation

Correct answer: A

Explanation

The correct answer is A, as the 'Lessons learned' phase focuses on analyzing what occurred during the incident and documenting findings to improve future responses. Options B, C, and D refer to other stages of incident response, such as recovering from the incident, identifying the issue, and preparing for potential future incidents, respectively.