Which DSAC domain would you study to respond to cyber incidents efficiently?

The main concept being tested is how to respond to cyber incidents efficiently, which is addressed by the Incident Response domain. This area focuses on the organized set of actions, roles, and procedures teams use when a security event is detected. It covers the entire response lifecycle: preparation (plans, runbooks, and team roles), detection and analysis, containment (short-term and long-term), eradication and recovery, and post-incident lessons learned. Efficiency comes from having predefined playbooks, clear escalation paths, and coordinated communication with stakeholders, which allow responders to act quickly, preserve evidence, and restore normal operations with minimal impact. While governance, cryptography, and network security are essential components of a robust security program, they do not provide the end-to-end response workflow needed to handle incidents quickly and effectively.