CompTIA Security+ (SY0-501) — Question 702

A security operations team recently detected a breach of credentials. The team mitigated the risk and followed proper processes to reduce risk. Which of the following processes would BEST help prevent this issue from happening again?

Answer options

• A. Risk assessment
• B. Chain of custody
• C. Lessons learned
• D. Penetration test

Correct answer: C

Explanation

The 'Lessons learned' process is essential for understanding what went wrong and implementing changes to prevent recurrence. While a risk assessment helps identify vulnerabilities, it does not address the specific lessons from the breach. The chain of custody is related to evidence handling, and penetration tests are proactive measures that assess security but do not provide insights from past incidents.