What practice helps incident responders in recovering resources after a web application security incident?

Increasing the log storage limit and increasing disk space is crucial for incident responders in recovering resources after a web application security incident. Logs are invaluable during and after such incidents because they provide detailed information about what has occurred, including the actions taken by users, the nature of system responses, and any unauthorized access or anomalies. By ensuring that there is ample log storage, responders can retain important data necessary for investigation, analysis, and legal proceedings if necessary. This practice allows for a better understanding of the sequence of events, identification of vulnerabilities, and assessment of the impact of the incident, ultimately facilitating a more efficient recovery process.

The other options would be counterproductive for incident recovery: removing backups would eliminate critical restoration points; disabling logging would hinder insight into the incident and any further forensic analysis; and limiting user access may temporarily isolate the problem but could also restrict efficient recovery and remediation processes. Each of these alternatives undermines the incident response process by either removing essential information or preventing necessary actions to understand and resolve the incident.