Exam CS0-002 topic 1 question 211 discussion

I expected there to be a "principle of least privilege" as a choice lol. But i think C is the answer here. the incident has happened, there has to be a lessons learned report, you want to learn from the incident and apply the lessons in developing security controls. Absolutely not D lol, but i see why people answered it, still a dumbass question anyway.

A lessons-learned report is a comprehensive analysis of an incident, detailing what happened, how it happened, and what could have been done to prevent it. It provides insights into the incident and identifies areas of improvement to prevent similar incidents from happening in the future. By reviewing the lessons-learned report, the security analyst can identify gaps in the company's controls that contributed to the fraud and suggest measures to strengthen them. An incident response plan (Option B) outlines the procedures for responding to security incidents. While it is a crucial document, it is not the best option for helping the security analyst develop better controls to prevent financial fraud.

B is the answer

D - would cover the present and future, whereas D describes the past. Lessons learned is information about what happened and not necessarily a solution.

Indicators of compromise (IOCs) serve as forensic evidence of potential intrusions on a host system or network. These artifacts enable information security (InfoSec) professionals and system administrators to detect intrusion attempts or other malicious activities. Security researchers use IOCs to better analyze a particular malware’s techniques and behaviors. IOCs also provides actionable threat intelligence that can be shared within the community to further improve an organization’s incident response and remediation strategies.