Which TWO of the following are key components of a cloud incident response plan that should be tested regularly?
Automation playbooks must be tested to ensure they execute correctly.
Why this answer
Automation playbooks for containment and eradication (B) are critical because they enable rapid, consistent response to incidents in cloud environments, where manual intervention can be too slow to prevent lateral movement or data exfiltration. Regular testing ensures these playbooks execute correctly against live cloud APIs (e.g., AWS Lambda, Azure Automation) and that they properly isolate compromised resources without disrupting legitimate workloads.
Exam trap
ISC2 often tests the distinction between incident response plan components and broader operational or contractual elements, so candidates mistakenly select backup/restore procedures (D) or SLAs (E) because they seem related to incident handling, but they are not core to the detection, containment, and eradication phases that require regular testing.