Medium · 1 mark · Multiple Choice
Area II: Security · Incident Response

CPA · Question 62 · Area II: Security

After a ransomware attack is resolved, the team holds a 'Lessons Learned' meeting. What is the primary output of this meeting?

Answer options:

A. Assigning blame to specific employees.

B. Calculating the total financial loss.

C. Recommendations for improving the Incident Response Plan and security controls.

D. Deleting all logs related to the incident.

How to approach this question

Focus on improvement.

Full Answer

C. Recommendations for improving the Incident Response Plan and security controls. ✓ Correct
The Post-Incident Activity phase focuses on learning from the incident to improve future response and defenses.

Common mistakes

Thinking the meeting is about punishment.

Practice the full CPA ISC Practice Exam 5
