PECB Lead Implementer (ISO/IEC 27001) — Question 50
Why did InfoSec establish an IRT? Refer to scenario 7.
Answer options
- A. To comply with the ISO/IEC 27001 requirements related to incident management
- B. To collect, preserve, and analyze the information security incidents
- C. To assess, respond to, and learn from information security incidents
Correct answer: C
Explanation
The correct answer is C because the primary purpose of an Incident Response Team (IRT) is to assess, respond to, and learn from incidents in order to improve the overall security posture. Option A focuses on compliance, which is part of the broader scope but not the main reason. Option B emphasizes data handling rather than the proactive and reactive measures that IRTs are designed to implement.