exam questions

Exam CS0-003 All Questions

View all questions & answers for the CS0-003 exam

Exam CS0-003 topic 1 question 18 discussion

Actual exam question from CompTIA's CS0-003
Question #: 18
Topic #: 1
[All CS0-003 Questions]

Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?

  • A. Develop a call tree to inform impacted users
  • B. Schedule a review with all teams to discuss what occurred
  • C. Create an executive summary to update company leadership
  • D. Review regulatory compliance with public relations for official notification
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
BanesTech
Highly Voted 1 month, 2 weeks ago
Selected Answer: B
Scheduling a review with all teams to discuss what occurred allows for a comprehensive post-incident analysis and facilitates a collective understanding of the incident's causes, impact, and response effectiveness. This review involves key stakeholders from various teams involved in incident response, including technical teams, management, legal, and communication teams. By gathering input from all relevant parties, the organization can identify strengths, weaknesses, and areas for improvement in its incident response process.
upvoted 9 times
...
maggie22
Most Recent 12 hours, 21 minutes ago
B. The keyword is "review" for Post-Incident Review or Post-Mortem analysis
upvoted 1 times
...
Cpt_Emerald
4 months, 3 weeks ago
I am kind of leaning with C here. Why would you meet with ALL teams of a company to discuss what happened in an incident? In any incident, leadership knowing what happened afterward is a must. This is coming from someone who has done IR for 2 years.
upvoted 1 times
...
eapau6022
6 months, 1 week ago
B. One of the best actions to take after the conclusion of a security incident to improve incident response in the future is to schedule a review with all teams to discuss what occurred, what went well, what went wrong, and what can be improved.
upvoted 3 times
...
Alizade
7 months ago
Selected Answer: B
The answer is B. Schedule a review with all teams to discuss what occurred.
upvoted 1 times
...
kmordalv
9 months, 1 week ago
Selected Answer: B
Correct. The purpose of this review is to identify the root causes of the incident, evaluate the effectiveness of the incident response process, document any gaps or weaknesses in the security controls, and recommend corrective actions or preventive measures for future incidents.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago