CompTIA Security+ (SY0-501) — Question 585

Following the successful response to a data-leakage incident, the incident team lead facilitates an exercise that focuses on continuous improvement of the organization's incident response capabilities. Which of the following activities has the incident team lead executed?

Answer options

• A. Lessons learned review
• B. Root cause analysis
• C. Incident audit
• D. Corrective action exercise

Correct answer: A

Explanation

The correct answer is A, as a lessons learned review is specifically designed to improve incident response capabilities by reflecting on past incidents. Options B, C, and D do not focus primarily on enhancing response capabilities but rather on analyzing causes, auditing responses, or implementing corrective measures.