An incident response analyst is taking over an investigation from another analyst. The investigation has been going on for the past few days. Which of the following steps is most important during the transition between the two analysts?
A. Identify and discuss the lessons learned with the prior analyst.
B. Accept all findings and continue to investigate the next item target.
C. Review the steps that the previous analyst followed.
D. Validate the root cause from the prior analyst.
Lessons learned is a root cause analysis key phrase. This is more about hand-off, in which you want to know what's been completed in the investigatory process before you take over.
Options like accepting findings (B) or validating the root cause (D) come after understanding the investigation's progress. While identifying lessons learned (A) is valuable, it is usually done after the investigation is completed, not during the handover.
"Review the steps..." - Zero-Trust = Trust-no-One - I have learned (lesson-learned) the hard way. Question: If you need to revise your work, why not revise the work of someone that you are taking over? ;)
But if 'is taking over' and 'has been going for a few days', why should the first analyst have some lessons learned done? The analysis is in the working phase.
I don't know, I'm going to vote B here only because the question sounds like an ongoing investigation lasting for a few days already. A and D are towards the end of the incident, and C sounds more like an audit to me. If I'm going to take over an incident, I will probably want to know what has been done already and what the next steps are.
A) identify and discuss the lessons learned with the prior analyst
I was thinking C, but A makes things most clear. With option C, the other analyst isn't consulted, so the steps taken can be misinterpreted.
A. Identify and discuss the lessons learned with the prior analyst.
Transitioning an ongoing investigation between analysts is a crucial moment in incident response. Understanding what has already been done, what has been learned, and what challenges have been encountered is essential for the incoming analyst. This information helps prevent duplicating efforts, ensures continuity in the investigation, and can lead to more effective and efficient resolution of the incident.
The most important step is to identify and discuss lessons learned with the previous analyst. This will help to have a clear view of the research done and avoid redundant work and mistakes that would have been made.
That's not what you chose lol. That would be option A, and I agree
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other