5-question quiz on the precise vocabulary used to close an incident and transition to post-mortem. Advanced
0 / 5 completed
1 / 5
An IC announces on the bridge: "The incident is mitigated. We have not yet resolved it." What is the precise distinction between mitigated and resolved?
Correct: B. The mitigated/resolved distinction is operationally important. Mitigation might mean restarting a service, enabling a feature flag bypass, or redirecting traffic — the customer experience improves but the underlying bug persists. Resolution requires identifying and fixing the root cause. Many incidents remain in a "mitigated" state for days while the permanent fix is engineered, tested, and deployed.
State
Meaning
Example
Mitigated
Customer impact stopped; root cause not yet fixed
Traffic rerouted; broken service still exists
Resolved
Root cause fixed; system stable
Bug patched and deployed; normal operations confirmed
2 / 5
The IC sends a final bridge message: "The incident is resolved and we are standing down." What does standing down mean in incident command?
Correct: B. "Standing down" is a deliberate, formal close of the active incident response. Without it, responders remain uncertain whether they are still needed, bridges stay open unnecessarily, and the cognitive burden of the incident lingers. The phrase signals: the emergency is over, the team can return to normal operations. It mirrors military and emergency services language where "stand down" ends an alert or emergency posture.
Action at stand-down
What it closes
Bridge disbanded
Responders released; war room ends
Incident ticket updated
Status set to "Resolved"; post-mortem scheduled
3 / 5
A status update reads: "Issue is resolved. We are monitoring for recurrence over the next 24 hours." Why is an explicit post-resolution monitoring period important?
Correct: B. "Monitoring for recurrence" reflects operational realism. A database connection pool exhaustion may deplete again under load. A cache warm-up may expose the same bug within minutes of the apparent fix. Committing to a monitoring window — and communicating it — tells stakeholders the team is being thorough rather than optimistic, and ensures the response team stays alert for recurrence rather than fully context-switching immediately.
Incident type
Recurrence risk
Connection pool exhaustion
High — can re-exhaust under traffic after restart
Cascading failure from downstream dependency
High — dependency may degrade again before fix deployed
One-off memory leak fixed by restart
Medium — leak will return; patch still needed
4 / 5
A post-mortem assigns: "Add PagerDuty alert for connection pool exhaustion — Owner: Kenji — Due: 2 weeks." What makes post-mortem action items effective?
Correct: B. Vague post-mortem actions ("improve monitoring," "add more tests") reliably sit unactioned. Effective actions are SMART: specific about what to build or change, assigned to one named person (not a team), given a concrete due date, and tracked in whatever system the team uses for work. The post-mortem is only as valuable as the follow-through on its action items.
Ineffective action item
Effective action item
"Team to improve observability"
"Add connection pool utilisation alert at 80 % — Kenji — 2 weeks"
"Better testing needed"
"Add load test for pool exhaustion scenario to CI suite — Aiko — 3 weeks"
5 / 5
The IC sends a final message to all channels: "All-clear: the incident is fully resolved. Thank you all for your response." What is the purpose of a formal all-clear declaration?
Correct: B. The all-clear is the formal, final signal that the incident is completely over. Without it, stakeholders remain uncertain ("is it really fixed?"), responders stay in a state of partial alert, and the psychological burden of the incident lingers. The phrase also serves a human purpose: acknowledging the team's effort. In some frameworks the all-clear also officially starts the post-mortem clock — the window for scheduling the review.
Incident closure step
What it communicates
"Mitigated"
Customer impact stopped; root cause work ongoing
"Resolved"
Root cause fixed; service stable
"All-clear"
Response formally ended; team stands down; post-mortem next