CAS-002 · Question #657
CAS-002 Question #657: Real Exam Question with Answer & Explanation
The correct answer is D: Develop an incident response team, require training for incident remediation, and provide. Reducing recovery time across repeated security incidents requires building a structured, well-trained incident response capability so personnel are prepared and equipped before the next incident occurs.
Question
Options
- ACreate security metrics that provide information on response times and requirements to
- BConduct a loss analysis to determine which systems to focus time and money towards
- CImplement a knowledge management process accessible to the help desk and finance
- DDevelop an incident response team, require training for incident remediation, and provide
Explanation
Reducing recovery time across repeated security incidents requires building a structured, well-trained incident response capability so personnel are prepared and equipped before the next incident occurs.
Common mistakes.
- A. Creating security metrics improves visibility and reporting on response performance but does not itself build the capability or reduce the time required to execute remediation.
- B. Conducting a loss analysis helps prioritize where to invest time and money but does not directly develop the skills or team structure needed to recover faster from future incidents.
- C. Implementing a knowledge management process accessible only to the help desk and finance teams is too narrow in scope and fails to address the cross-functional training and team structure required for comprehensive incident response.
Concept tested. Incident response team development and training
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Community Discussion
No community discussion yet for this question.