Which of the following BEST describes the importance of the final phase of the incident response plan?

A security incident has been resolved.

Which of the following BEST describes the importance of the final phase of the incident response plan?
A . It examines and documents how well the team responded discovers what caused the incident, and determines how the incident can be avoided in the future
B. It returns the affected systems back into production once systems have been fully patched, data restored and vulnerabilities addressed
C. It identifies the incident and the scope of the breach how it affects the production environment, and the ingress point
D. It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach

View Answer

Answer: A

Explanation:

The final phase of an incident response plan is the post-incident activity, which involves examining and documenting how well the team responded, discovering what caused the incident, and determining how the incident can be avoided in the future.

References:

CompTIA Security+ Certification Exam Objectives – 2.5 Given a scenario, analyze potential indicators to determine the type of attack. Study Guide: Chapter 5, page 225.