Exam CS0-001 topic 1 question 51 discussion

Actual exam question from CompTIA's CS0-001
Question #: 51
Topic #: 1

Which of the following items represents a document that includes detailed information on when an incident was detected, how impactful the incident was, and how it was remediated, in addition to incident response effectiveness and any identified gaps needing improvement?

  • A. Forensic analysis report
  • B. Chain of custody report
  • C. Trends analysis report
  • D. Lessons learned report
Suggested Answer: D

Comments

Samus_7
Highly Voted 5 years, 9 months ago
D. Lessons learned report. Should be!
upvoted 19 times
...
moe1985
Highly Voted 5 years, 3 months ago
D. Lessons learned report
upvoted 6 times
...
Jeend
Most Recent 2 years, 4 months ago
"detailed information on when an incident was detected, how impactful the incident was": Lessons learned
upvoted 1 times
...
Kuku55
4 years, 3 months ago
"any identified gaps needing improvement". These are the keywords here, so it's D.
upvoted 1 times
...
Acrisius
4 years, 5 months ago
The answer is D - Similar Q in 002
upvoted 1 times
...
christ0phermc
4 years, 9 months ago
It's obviously 4
upvoted 1 times
...
Rowlandmarc
4 years, 11 months ago
D - It mentions analysis of how the incident was managed
upvoted 1 times
...
CyberSeal
5 years ago
I thought it was lessons learned.. starting to lose faith in this site
upvoted 1 times
...
Yatou
5 years ago
Definitely D. The lessons learned report provides you with the details of the incident, its severity, the remediation method, and most importantly, how effective your response was. Additionally, it provides recommendations for improvements in the future. A forensic analysis report would not provide recommendations for future improvements, even though it provides many of the other details.
upvoted 1 times
...
B1gK
5 years ago
Somebody help me: Does a forensic report really include how the incident was remediated, how impactful the incident was to the victim, as well as how effective the remedy response was? I thought these are all part of lessons learned?
upvoted 1 times
XAmbivert
5 years ago
"The Forensic Analysis step during IR is a process of analyzing and reviewing gathered data from different sources, e.g. computer, log files, web history, email files, pictures & information for users, using tools to gather info such as asset IDs, serial numbers, arrival and departure times, transport routing #, name/title handlers and location. Forensic Analysis should also help determine victims/attackers, the what, who and where, and how the incident was done. Forensic Analysis enables us to go through and create a case against the attacker during the investigation process." Dale Meredith, Performing Incident Response and Handling (Pluralsight course)
upvoted 1 times
...
...
XAmbivert
5 years, 1 month ago
Please note the word "detailed." The answer is A. https://www.sans.org/blog/intro-to-report-writing-for-digital-forensics/ Lessons-learned reports are usually brief renditions of participants' input from the standpoint of their own observation. These are then discussed during review sessions and edited accordingly.
upvoted 2 times
johnchie
4 years, 10 months ago
I think the answer is lessons learned simply because a forensic report focuses on reporting evidence and the steps taken to collect that evidence, and it is for legal purposes. It shouldn't have information about the impact of the incident nor how it was remediated.
upvoted 1 times
...
...
maps7
5 years, 1 month ago
the answer is D.
upvoted 2 times
...