🔥 3-day streak
ISC2 CC — Certified in Cybersecurity64 / 145
Question 64 of 145

A company has just finished containing and recovering from a phishing-based email compromise. The incident response team reconvenes to review how the incident was handled, document what worked and what didn't, and recommend updates to the response plan and employee training. Which phase of the incident response process are they performing?

Reviewed for accuracy · Report an issueNext question