The Incident Response Plan defines what in IAM?

• A. Prepare for quick action during security breaches.
• B. Analyze logs for suspicious activities.
• C. Restrict access to essential job functions.
• D. Goals for implementing IAM program deliverables.

Answer: (D)

The Incident Response Plan in IAM is about setting the targets for how the IAM program will respond to incidents and what deliverables it must produce. It defines the goals and expected outputs the IAM program should achieve during an incident, such as revoking access for compromised accounts, isolating affected systems, restoring legitimate access, logging and documenting actions, and producing post-incident reports to guide improvements. This gives clear direction and coordination across teams when a breach occurs, tying the response to business and regulatory needs. While tasks like analyzing logs or restricting access are important activities used to meet those goals, they are means to achieve the defined deliverables rather than the plan’s defining purpose.