A post-incident review should be conducted by an incident management team to determine: A. relevant electronic evidence. B. lessons learned. C. hacker's identity. D. areas affected.
Correct Answer: B
Explanation:
Explanation:
Post-incident reviews are beneficial in determining ways to improve the response process through lessons learned from the attack. Evaluating the relevance of evidence, who launched the attack or what areas were affected are not the primary purposes for such a meeting because these should have been already established during the response to the incident.
Please disable your adblocker or whitelist this site!