A security analyst is reviewing lessons learned after a data breach. Which three of the following are key objectives of the post-incident activity phase? (Choose three.)
Why this answer
Conducting a root cause analysis is a key objective of the post-incident activity phase because it identifies the underlying vulnerabilities and weaknesses that allowed the breach to occur. This analysis informs the development of corrective actions to prevent recurrence, which is a core goal of lessons learned. Without this step, the organization cannot effectively harden its defenses against similar attacks.
Exam trap
CompTIA often tests the distinction between the recovery phase (restoring systems) and the post-incident phase (analysis and improvement), leading candidates to mistakenly select 'Restore affected systems' as a post-incident objective.