CompTIA Security+ (SY0-701) — Question 59
Which of the following describes the reason root cause analysis should be conducted as part of incident response?
Answer options
- A. To gather IoCs for the investigation
- B. To discover which systems have been affected
- C. To eradicate any trace of malware on the network
- D. To prevent future incidents of the same nature
Correct answer: D
Explanation
The correct answer is D: root cause analysis identifies the underlying reason an incident occurred so that its recurrence can be prevented. Options A, B, and C are relevant to incident response, but they do not address the proactive measures needed to stop future incidents of the same nature.