Exam SY0-601 topic 1 question 213 discussion

Actual exam question from CompTIA's SY0-601
Question #: 213
Topic #: 1

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

  • A. Recovery
  • B. Identification
  • C. Lessons learned
  • D. Preparation
Suggested Answer: C

Comments

garlandboy
Highly Voted 2 years, 7 months ago
Agree with C
upvoted 7 times
Gino_Slim
Highly Voted 2 years, 6 months ago
Selected Answer: C
This is Lessons Learned. This takes place after everything has occurred and the team is trying to figure out how to do better. Also, for anyone that has reached this point and realized that the discussions have become less and less: that's because a month ago the questions stopped at #211. So from here on out it's just the newer participants.
upvoted 6 times
ApplebeesWaiter1122
Most Recent 1 year, 9 months ago
Selected Answer: C
During this stage, the incident response team conducts a post-mortem analysis of the incident to identify what went wrong, what worked well, and what could be improved. The goal is to gain insights and knowledge from the incident so that the organization can enhance its security posture and response capabilities for the future. The lessons learned document may include a detailed analysis of the incident timeline, the root cause of the incident, the actions taken during the response, and the effectiveness of those actions. It may also include recommendations for improving security controls, policies, and procedures to prevent similar incidents in the future. This document serves as a valuable resource for learning from the incident and enhancing the organization's incident response capabilities.
upvoted 2 times
rodwave
2 years, 5 months ago
Selected Answer: C
Answer: Lessons learned

Lessons learned or remediation step is the final phase of the incident response. It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future.

=======================
Phases of the Incident Response Plan:
1. Preparation - Preparing for an attack and how to respond
2. Identification - Identifying the threat
3. Containment - Containing the threat
4. Eradication - Removing the threat
5. Recovery - Recovering affected systems
6. Lessons Learned - Evaluating the incident response, see where there can be improvements for a future incident.
upvoted 4 times
Sir_Learnalot
2 years, 5 months ago
Selected Answer: C
CompTIA really love lessons learned...get the feeling like every incident response process question is about lessons learned
upvoted 5 times