PdfPrep.com

A post-incident review should be conducted by an incident management team to determine:

A post-incident review should be conducted by an incident management team to determine:
A . relevant electronic evidence.
B . lessons learned.
C . hacker’s identity.
D . areas affected.

Answer: B

Explanation:

Post-incident reviews are beneficial in determining ways to improve the response process through lessons learned from the attack. Evaluating the relevance of evidence, who launched the attack or what areas were affected are not the primary purposes for such a meeting because these should have been already established during the response to the incident.

Exit mobile version