A security incident has been resolved.
Which of the following BEST describes the importance of the final phase of the incident response plan?
A . It examines and documents how well the team responded discovers what caused the incident, and determines how the incident can be avoided in the future
B . It returns the affected systems back into production once systems have been fully patched, data restored and vulnerabilities addressed
C . It identifies the incident and the scope of the breach how it affects the production environment, and the ingress point
D . It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach
Answer: A
Explanation:
The final phase of an incident response plan is the post-incident activity, which involves examining and documenting how well the team responded, discovering what caused the incident, and determining how the incident can be avoided in the future.
Reference: CompTIA Security+ Certification Exam Objectives – 2.5 Given a scenario, analyze potential indicators to determine the type of attack. Study Guide: Chapter 5, page 225.
Latest SY0-601 Dumps Valid Version with 396 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund