Cisco
200-201 · Question #58
200-201 Question #58: Real Exam Question with Answer & Explanation
The correct answer is A: decision making. When a security analyst collects information during an incident to make informed decisions, they are engaging in decision making.
Submitted by kevin_r · Mar 6, 2026 · Security Policies and Procedures
Question
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
Options
- A. decision making
- B. rapid response
- C. data mining
- D. due diligence
Explanation
When a security analyst collects information during an incident to make informed decisions, they are engaging in decision making.
Common mistakes.
- B. Rapid response refers to the speed and efficiency of action during an incident, not the information gathering and evaluation process itself.
- C. Data mining is the process of discovering patterns in large datasets, which is different from the active, incident-specific information gathering for immediate tactical decisions.
- D. Due diligence refers to the reasonable steps taken to avoid harm or act responsibly, often in a preventative or preparatory context, rather than the active process of deciding during an incident.
Concept tested. Incident response decision making
Topics
#incident response #decision making #security principles