Question 16
Main Page
A security incident occurred, but the team failed to follow documented procedures. What step should follow recovery?
A. Suspend the incident response team
B. Replace the team lead immediately
C. Conduct a post-incident review and revise procedures
D. Report the team to legal for negligence
Answer: Conduct a post-incident review and revise procedures
A post-incident review allows for root cause analysis and improvement of future response procedures.