ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-003 All Questions

View all questions & answers for the CS0-003 exam
Go to Exam

Exam CS0-003 topic 1 question 18 discussion

Actual exam question from CompTIA's CS0-003
Question #: 18
Topic #: 1
[All CS0-003 Questions]

Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?

  • A. Develop a call tree to inform impacted users
  • B. Schedule a review with all teams to discuss what occurred
  • C. Create an executive summary to update company leadership
  • D. Review regulatory compliance with public relations for official notification
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by kmordalv at Sept. 7, 2023, 8:11 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BanesTech
Highly Voted 8 months, 1 week ago
Selected Answer: B
Scheduling a review with all teams to discuss what occurred allows for a comprehensive post-incident analysis and facilitates a collective understanding of the incident's causes, impact, and response effectiveness. This review involves key stakeholders from various teams involved in incident response, including technical teams, management, legal, and communication teams. By gathering input from all relevant parties, the organization can identify strengths, weaknesses, and areas for improvement in its incident response process.
upvoted 10 times
...
newenglandgirl1078
Most Recent 2 months ago
Selected Answer: B
The answer is B - Schedule a review with all teams to discuss what occurred.
upvoted 1 times
...
maggie22
6 months, 2 weeks ago
B. The keyword is "review" for Post-Incident Review or Post-Mortem analysis
upvoted 1 times
...
Cpt_Emerald
11 months, 1 week ago
I am kind of leaning with C here. Why would you meet with ALL teams of a company to discuss what happened in an incident? In any incident, leadership knowing what happened afterward is a must. This is coming from someone who has done IR for 2 years.
upvoted 2 times
SujaBaji
4 weeks, 1 day ago
REMEMBER this is CompTIA, I agree with you after any incident we send a notification and give a brief to CISO but I think after containment they want us to talk about lesson learned and review it/
upvoted 1 times
SujaBaji
4 weeks, 1 day ago
the purpose of the question is to improve future incident response
upvoted 1 times
...
...
Jayysaystgis
1 month ago
I thought so too and also choose C
upvoted 1 times
...
...
eapau6022
1 year ago
B. One of the best actions to take after the conclusion of a security incident to improve incident response in the future is to schedule a review with all teams to discuss what occurred, what went well, what went wrong, and what can be improved.
upvoted 3 times
...
Alizade
1 year, 1 month ago
Selected Answer: B
The answer is B. Schedule a review with all teams to discuss what occurred.
upvoted 1 times
...
kmordalv
1 year, 3 months ago
Selected Answer: B
Correct. The purpose of this review is to identify the root causes of the incident, evaluate the effectiveness of the incident response process, document any gaps or weaknesses in the security controls, and recommend corrective actions or preventive measures for future incidents.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel