CompTIA Security+ (SY0-601) — Question 331
Which of the following procedures would be performed after the root cause of a security incident has been identified to help prevent future incidents from occurring?
Answer options
- A. Walk-throughs
- B. Lessons learned
- C. Attack framework alignment
- D. Containment
Correct answer: B
Explanation
The correct answer is B, as 'Lessons learned' involves analyzing the incident to extract insights that can improve future security practices. Options A, C, and D refer to processes that might occur during or immediately after an incident but do not focus on the retrospective analysis necessary for preventing future occurrences.