CompTIA Security+ (SY0-601) — Question 354
Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?
Answer options
- A. Preparation
- B. Recovery
- C. Lessons learned
- D. Analysis
Correct answer: A
Explanation
The correct answer is A, Preparation, as this phase focuses on establishing roles and responsibilities before an incident occurs. Options B (Recovery), C (Lessons learned), and D (Analysis) occur after an incident has taken place and do not involve reviewing roles and responsibilities.