CompTIA Security+ (SY0-701) — Question 323
Which of the following activities is included in the post-incident review phase?
Answer options
- A. Determining the root cause of the incident
- B. Developing steps to mitigate the risks of the incident
- C. Validating the accuracy of the evidence collected during the investigation
- D. Reestablishing the compromised system’s configuration and settings
Correct answer: A
Explanation
The correct answer is A: determining the root cause is a crucial part of the post-incident review, because it helps prevent future incidents. Options B, C, and D may be related to incident management, but they do not specifically belong to the post-incident review phase.