[&] Why is root cause analysis essential in incident response?
- To focus solely on technological improvements
- To immediately restore all systems to their pre-incident state
- To punish those responsible for the intrusion
- To understand and patch vulnerabilities rather than just addressing symptoms -- Correct

[&] What is the first objective in the analysis phase of an incident response?
- Notifying all stakeholders and regulators immediately
- Discovering the entry point of the threat
- Scoping the impact of the incident
- Verifying that the incident is real and not a false positive -- Correct

[&] What is the purpose of pivoting through logs during the analysis phase?
- To filter out large volumes of log data by deleting non-relevant entries
- To update SIEM rules to detect similar attacks in the future
- To ignore irrelevant events and concentrate only on known threats
- To start with a suspicious log entry and identify related events expanding the incident's scope -- Correct

[&] What role does analysis play following detection in the incident response lifecycle?
- It involves the immediate eradication of any detected threats
- It verifies the detection accuracy by re-evaluating the risk involved
- It transforms alerts into an actionable understanding of the incident's nature and scope -- Correct
- It closes the incident by generating reports for management

[&] What might result from inadequate analysis in incident response?
- Guaranteed regulatory compliance and business safety
- Total eradication of threats from all systems
- Incomplete containment and mistargeted recovery efforts -- Correct
- Efficient and fully justified incident response actions

[&] How does the analysis phase contribute to the incident response process?
- By ensuring that only real threats are escalated to management
- By terminating all threats rapidly, regardless of their source
- By providing forensic evidence to support containment and recovery -- Correct
- By identifying vulnerabilities for immediate patching