Question related to CompTIA Cybersecurity Analyst (CySA+) 20 Practice Exam questions on Lets Defend

Hello, I just came across this question from the CompTIA Cybersecurity Analyst (CySA+) 20 Practice Exam questions on Lets Defend.

Question 10:
“What is the first step in the incident response process?”
why the “Preperation” is not the correct answer and “Identification”
is the correct answer.

Below is the link for the practice exam:
CompTIA Cybersecurity Analyst (CySA+) Practice Exam

The Preparation is the prior step at Identification step, where you try to avoid that a real incident presented, but in this case when you respond an incident, mean that the Preparation step not take place in success way, because was not able to prevent this incident.

If the incident exist, firstly you must identified for then delete or eradicate this