nerdexam
ExamsGCIHQuestions#520
GIAC

GCIH · Question #520

GCIH Question #520: Real Exam Question with Answer & Explanation

The correct answer is B: Process modifications, technology needs, and incident handling improvements. The Lessons Learned report should address process improvements, technology recommendations, and improvements that can be made to the Incident Handling process.

Incident Response & Cyber Kill Chain

Question

What kind of topics should be addressed by the Lessons Learned report?

Options

  • AOfficial press release, evidence from the intrusion, and future testing plans
  • BProcess modifications, technology needs, and incident handling improvements
  • CPersonnel issues, disciplinary actions, and mistakes made by incident handlers
  • DIndividual accounts of the incident, system log entries, and legal warrants

Explanation

The Lessons Learned report should address process improvements, technology recommendations, and improvements that can be made to the Incident Handling process.

Topics

#lessons learned report#process improvement#incident documentation#IR lifecycle

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCIH Practice