CompTIA Security+ (SY0-601) — Question 28

The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?

Answer options

• A. Lessons learned
• B. Preparation
• C. Detection
• D. Containment
• E. Root cause analysis

Correct answer: A

Explanation

The correct answer is 'Lessons learned' because this phase focuses on analyzing incidents to improve future responses and security measures. The other options, such as 'Preparation' and 'Detection', relate to proactive and immediate response actions, while 'Containment' deals with managing the incident in real-time, and 'Root cause analysis' focuses on identifying the underlying issue rather than overall improvements.