🔥 3-day streak
CompTIA CySA+ (CS0-003)56 / 147
Question 56 of 147
A security team has just completed the recovery phase after a ransomware incident. Systems have been restored from backups, business operations have resumed normally, and monitoring confirms no residual malicious activity. The CISO wants to ensure the organization improves its defenses and documentation before institutional memory fades. Which activity should the incident response team prioritize NEXT, and when should it be conducted?
Reviewed for accuracy · Report an issueNext question