CompTIA Security+ (SY0-701) — Question 71

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Answer options

• A. Analysis
• B. Lessons learned
• C. Detection
• D. Containment

Correct answer: A

Explanation

The correct answer is A, Analysis, as it involves examining the details to pinpoint the source of the incident. The other options do not focus on identifying the origin; 'Lessons learned' refers to insights gained after an incident, 'Detection' pertains to identifying incidents as they occur, and 'Containment' involves limiting the impact of an incident.