A security incident has been resolved. Which of the following BEST describes the importance of the final phase
of the incident response plan?
A. It examines and documents how well the team responded, discovers what caused the incident, and
determines how the incident can be avoided in the future.
B. It returns the affected systems back into production once systems have been fully patched, data restored,
and vulnerabilities addressed.
C. It identifies the incident and the scope of the breach, how it affects the production environment, and the
ingress point.
D. It contains the affected systems and disconnects them from the network, preventing further spread of the
attack or breach.
of the incident response plan?
A. It examines and documents how well the team responded, discovers what caused the incident, and
determines how the incident can be avoided in the future.
B. It returns the affected systems back into production once systems have been fully patched, data restored,
and vulnerabilities addressed.
C. It identifies the incident and the scope of the breach, how it affects the production environment, and the
ingress point.
D. It contains the affected systems and disconnects them from the network, preventing further spread of the
attack or breach.