CompTIA CySA+ CS0-003 Practice Question
Which of the following post-incident activities serves as the most comprehensive tool for an organization to evaluate its response to a security incident and to identify areas for improvement?
Performing root cause analysis
Facilitating a 'lessons learned' meeting
Conducting a forensic analysis
Updating documentation with incident details