An incident response team is analyzing a data breach. Which THREE actions are part of the 'Lessons Learned' phase? (Select THREE)
Documentation helps improve future response.
Why this answer
Lessons Learned involves reviewing the incident, updating plans, and conducting post-mortems to improve future response. Identifying the root cause is part of analysis/eradication.