nerdexam
GIAC

GCFA · Question #71

GCFA Question #71: Real Exam Question with Answer & Explanation

The correct answer is A. Information dissemination policy B. Additional personnel security controls C. Incident response plan D. Electronic monitoring statement. The post-incident lessons-learned phase should comprehensively evaluate all aspects of the response process to identify gaps and drive improvements. All four listed options represent valid and distinct areas that should be reviewed after an incident is resolved.

Question

The incident response team has turned the evidence over to the forensic team. Now, it is the time to begin looking for the ways to improve the incident response process for next time. What are the typical areas for improvement? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AInformation dissemination policy
  • BAdditional personnel security controls
  • CIncident response plan
  • DElectronic monitoring statement

Explanation

The post-incident lessons-learned phase should comprehensively evaluate all aspects of the response process to identify gaps and drive improvements. All four listed options represent valid and distinct areas that should be reviewed after an incident is resolved.

Concept tested. Post-incident lessons learned and process improvement areas

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCFA Practice
The incident response team has turned the evidence over to the... | GCFA Q#71 Answer | NerdExam