Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What document should Arnold create after the lesson-learned activity in his post-incident process?

  1. Incident report

  2. After-action report (AAR)

  3. Security policy update

  4. Risk assessment document

The correct answer is: After-action report (AAR)

The after-action report (AAR) is a crucial document that Arnold should create following the lesson-learned activity in his post-incident process. This report is designed to evaluate the response to an incident and capture insights and knowledge gained throughout the incident lifecycle. The purpose of the AAR is to analyze what happened during the incident, how effectively the team responded, and what can be improved for future incidents. This reflective practice helps organizations to institutionalize their learnings, ensuring that successes and failures are documented and can positively influence future incident handling and response strategies.

Creating an AAR allows Arnold and his team to engage in constructive discussions about their actions, identify any gaps in their processes or procedures, and develop actionable recommendations for improvements, thereby enhancing the overall incident response capability of the organization.

In contrast, while an incident report provides a summary of the event and is important for documentation and compliance, it does not encapsulate the reflective and iterative learning components found in an AAR. Similarly, a security policy update and a risk assessment document are more focused on broader organizational security strategies and risk management, rather than capturing the multidimensional lessons learned from a specific incident.