Veronica has completed the recovery phase of her organization’s incident response plan. What phase should she move into next?

The IR process used for the Security+ exam outline is Preparation, Detection, Analysis, Containment, Eradication, Recovery, and Lessons Learned. Veronica should move into the lessons learned phase.