[&] Which section of the incident response policy defines who is responsible for each task during an incident?
- Incident Classification
- Document Control
- Roles and Responsibilities -- Correct
- Definitions

[&] Which component of the incident response policy clarifies the terminology used?
- Definitions -- Correct
- Communication Plan
- Purpose and Scope
- Roles and Responsibilities

[&] What is the primary purpose of an incident response policy?
- To replace regulatory requirements with an internal guide
- To log all incidents that occur within the organization
- To serve as a foundation for the incident response capability -- Correct
- To identify potential threats before they occur

[&] How often should an incident response policy be reviewed and updated?
- Every decade
- Only when a cyber attack occurs
- Regularly, to adapt to evolving threats -- Correct
- After each fiscal quarter

[&] What is a key difference between an incident response policy and an incident response plan?
- The policy outlines the strategy while the plan details specific actions. -- Correct
- The plan is broader and covers all company operations.
- The plan is updated more frequently than the policy.
- The policy focuses on the company's financial goals.