SY0-701 - Security Operations - Section 4.8
Explain appropriate incident response activities.
Describe the incident response lifecycle from preparation through containment, eradication, recovery, and lessons learned, and explain how digital forensics supports root cause analysis without compromising evidence integrity. Recognise which phase each activity belongs to, and understand why preparation - including playbooks and communication plans - determines how effectively teams execute the later phases under pressure.
incident response processpreparationcontainment and eradicationroot cause analysisdigital forensics
More in this domain
Back to all Security Operations objectives, or the SY0-701 cert hub.
Examworthy is not affiliated with or endorsed by CompTIA. Original, blueprint-aligned practice material only.