🔥 3-day streak
CompTIA CySA+ (CS0-003)46 / 147
Question 46 of 147
A mid-sized company recently suffered a ransomware incident. During the response, analysts wasted several hours debating who had authority to disconnect affected systems and how to escalate to legal and executive leadership. The CISO wants to ensure future incidents proceed with predefined, repeatable steps that assign roles and decision authority before an event occurs. Which preparation-phase activity most directly addresses this need?
Reviewed for accuracy · Report an issueNext question