CompTIA Security+ (SY0-501) — Question 999

Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks.
Which of the following would have allowed the security team to use historical information to protect against the second attack?

Answer options

• A. Key risk indicators
• B. Lessons learned
• C. Recovery point objectives
• D. Tabletop exercise

Correct answer: B

Explanation

The correct answer is B, 'Lessons learned', because it refers to the insights gained from previous incidents that can be applied to improve security measures. The other options do not specifically focus on utilizing historical incident data to prevent future attacks; for instance, Key risk indicators measure risks, Recovery point objectives focus on data recovery, and Tabletop exercises are simulation drills rather than a means of learning from past breaches.