After an incident has been investigated, one of the most important actions is to perform a root cause analysis. Root cause analysis helps in identifying the underlying reasons or factors that led to the incident in the first place. By understanding the root causes, organizations can implement corrective actions to prevent similar incidents from occurring in the future. This analysis is crucial for improving the overall security posture and resilience of the organization.
The options A, C and D are typically done before an incident occurs.
B
A) Risk assessment: done prior to an incident. This is a separate process outside of incident response.
B) Correct. After the incident, this is part of the lessons learned. Why did this happen?
C) IRP: this doesn't make sense in the context of the question.
D) Tabletops are done to simulate an incident, preemptive. Not afterwards.
Investigate isn't fixing the issue.
IRP is the only answer as you need to fix the problem before you can do a lessons learned.
This isn't a well-worded question though; typical of CompTIA.
It took me a bit to agree with root cause as the answer, but after a while I got it. The root cause is the why it happened, not what happened. The investigation covers the what, and after that is concluded, then you focus on the why.
Answer D: Tabletop exercise. Here's my rationale: Conducting a risk assessment, root cause analysis, and developing an incident response plan are activities typically carried out before or during an incident investigation, rather than afterward. A risk assessment involves identifying, analyzing, and evaluating potential risks to the organization. Root cause analysis entails identifying the fundamental reasons behind an incident. An incident response plan outlines roles, responsibilities, procedures, and resources for responding to incidents. My emphasis is on the timing of these actions, which occur before or during, not after, an incident investigation.
After an incident has been remediated? Is that what they mean? If it has only been investigated, then has it only been discovered? Then IRP must occur... But knowing CompTIA it is probably B.
If an incident has been investigated, A and B should be complete and D does not apply. I say C. After the investigation has been completed, then we do a lessons learned and update the IRP as applicable.
kmordalv (Highly Voted, 1 year, 1 month ago)
[Removed] (Highly Voted, 11 months, 2 weeks ago)
Sebatian20 (10 months, 2 weeks ago)
Chalice (Most Recent, 7 months ago)
Tdarling77 (7 months ago)
VVV4WIN (11 months, 1 week ago)
Frog_Man (1 year ago)