After a recent security breach, the network administrator has been tasked to update and backup all
router and switch configurations. The security administrator has been tasked to enforce stricter security
policies. All users were forced to undergo additional user awareness training. All of these actions are due
to which of the following types of risk mitigation strategies?

A.
Change management

B.
Implementing policies to prevent data loss

C.
User rights and permissions review

D.
Lessons learned

Explanation:
Incident response procedures involves: Preparation; Incident identification; Escalation and notification;
Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder;
Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. Described in the
question is a situation where a security breach had occurred and its response which shows that lessons
have been learned and used to put in place measures that will prevent any future security breaches of
the same kind.
Incorrect Answers:
A: Change Management refers to the structured approach that is followed to secure a company’s assets.
Described in the question is a case of incident response. And incident response is but a part of change
management.B: Policies preventing data loss involves monitoring the contents of systems to make sure that key
content is not deleted or removed. This is not the updating and backup of all router and switch
configurations.
C: Audits usually address user rights and permission reviews which forms part of risk mitigation.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 10, 429