Which of the following BEST describes the importance of the final phase of the incident response plan?

A security incident has been resolved.

Which of the following BEST describes the importance of the final phase of the incident response plan?
A . It examines and documents how well the team responded discovers what caused the incident, and determines how the incident can be avoided in the future
B . It returns the affected systems back into production once systems have been fully patched, data restored and vulnerabilities addressed
C . It identifies the incident and the scope of the breach how it affects the production environment, and the ingress point
D . It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach

View Answer

Answer: A

Explanation:

The final phase of an incident response plan is the post-incident activity, which involves examining and documenting how well the team responded, discovering what caused the incident, and determining how the incident can be avoided in the future.

Reference: CompTIA Security+ Certification Exam Objectives – 2.5 Given a scenario, analyze potential indicators to determine the type of attack. Study Guide: Chapter 5, page 225.