Which of the following describes the reason root cause analysis should be conducted as part of incident response?

Which of the following describes the reason root cause analysis should be conducted as part of incident response?
A . To gather loCs for the investigation
B . To discover which systems have been affected
C . To eradicate any trace of malware on the network
D . To prevent future incidents of the same nature

View Answer

Answer: D

Explanation:

Root cause analysis is a process of identifying and resolving the underlying factors that led to an incident. By conducting root cause analysis as part of incident response, security professionals can learn from the incident and implement corrective actions to prevent future incidents of the same nature. For example, if the root cause of a data breach was a weak password policy, the security team can enforce a stronger password policy and educate users on the importance of password security. Root cause analysis can also help to improve security processes, policies, and procedures, and to enhance security awareness and culture within the organization. Root cause analysis is not meant to gather loCs (indicators of compromise) for the investigation, as this is a task performed during the identification and analysis phases of incident response. Root cause analysis is also not meant to discover which systems have been affected or to eradicate any trace of malware on the network, as these are tasks performed during the containment and eradication phases of incident response. Reference = CompTIA Security+ SY0-701 Certification Study Guide, page 424-425; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 5.1 – Incident Response, 9:55 – 11:18.