CompTIA
CAS-002 · Question #361
CAS-002 Question #361: Real Exam Question with Answer & Explanation
The correct answer is B: During the Lessons Learned phase. The Lessons Learned phase of incident response is the appropriate stage to review the incident constructively, address accountability, and identify process improvements.
Question
A large organization has recently suffered a massive credit card breach. During the months of Incident Response, there were multiple attempts to assign blame as to whose fault it was that the incident occurred. In which part of the incident response phase would this be addressed in a controlled and productive manner?
Options
- ADuring the Identification Phase
- BDuring the Lessons Learned phase
- CDuring the Containment Phase
- DDuring the Preparation Phase
Explanation
The Lessons Learned phase of incident response is the appropriate stage to review the incident constructively, address accountability, and identify process improvements.
Common mistakes.
- A. The Identification phase focuses on detecting and confirming that an incident is occurring, not on retrospective accountability discussions.
- C. The Containment phase is focused on limiting the active spread and impact of the incident, not on post-incident analysis or blame resolution.
- D. The Preparation phase occurs before any incident to establish policies and response capabilities, making it irrelevant for addressing blame from a past breach.
Concept tested. Incident response Lessons Learned phase purpose and scope
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Community Discussion
No community discussion yet for this question.