CompTIA Security+ (SY0-601) — Question 774

Which of the following actions would be recommended to improve an incident response process?

Answer options

• A. Train the team to identify the difference between events and incidents.
• B. Modify access so the IT team has full access to the compromised assets.
• C. Contact the authorities if a cybercrime is suspected.
• D. Restrict communication surrounding the response to the IT team.

Correct answer: A

Explanation

Training the team to differentiate between events and incidents is crucial for effective incident response, making option A the correct choice. Modifying access to compromised assets (option B) can lead to further risks, contacting authorities (option C) is important but not always necessary for every incident, and restricting communication (option D) may hinder collaboration and information sharing.