CompTIA CySA+ CS0-003 Practice Question
Upon concluding the containment and eradication of a sophisticated network intrusion, your team is moving into the recovery and post-incident phases. Identifying priority actions is key to enhancing resilience against future attacks. Which of the following actions is paramount for the organization to perform immediately after restoring services?
Running an immediate full-scale audit on all security systems to check for remaining threats
Revising the organization's firewall and network perimeter policies based on the specific attack vectors that were exploited
Urgently updating all endpoint protection platforms across the enterprise network
Convening the board of directors to explain the technical details of the attack vector and its mitigation
Implementing new sandboxing techniques for email attachments to prevent similar malware infections
Initiating a lessons learned session with key response team members to evaluate the incident response effectiveness and outline improvement strategies