nerdexam
ExamsGCIHQuestions#508
GIAC

GCIH · Question #508

GCIH Question #508: Real Exam Question with Answer & Explanation

The correct answer is D: Do we need to change any steps in our process?. The focus of follow-up or Lessons Learned meeting after incidents is to agree on a description of events, and to discover ways to improve processes and technology. Focusing on a single member of the team isn't a best practice during these meetings 鈥" the focus should be on proces

Question

In an attempt to contain an incident, the response team shut down a critical server without communicating with the Network Operations team. This led to upset management, poor customer service, and profit loss. The incident has since been closed, and Sam is leading a follow-up meeting. Which of the following questions is most appropriate for the focus of this meeting?

Options

  • AShould these issues be included in the report?
  • BWhich member of the team turned off the server?
  • CWhat consequences did the organization suffer from the mistake?
  • DDo we need to change any steps in our process?

Explanation

The focus of follow-up or Lessons Learned meeting after incidents is to agree on a description of events, and to discover ways to improve processes and technology. Focusing on a single member of the team isn't a best practice during these meetings 鈥" the focus should be on process improvement. All relevant events should be in reports.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCIH Practice