
200-201 Question #171: Real Exam Question with Answer & Explanation

Submitted by tom_us · Mar 6, 2026

CompTIA Security+ / CySA+ - Incident Response: Understanding and applying the phases of the incident response process in the correct sequential order.

Question

Drag and Drop Question

Drag and drop the elements from the left into the correct order for incident handling on the right.

Answer:

Explanation

The correct order follows the NIST SP 800-61 Incident Response Lifecycle: Preparation must come first as it establishes policies, tools, and training before any incident occurs. Detection and Analysis follows, as you must identify and confirm an incident before acting on it. Containment, Eradication, and Recovery comes next to stop the spread, eliminate the threat, and restore systems. Finally, Post-Incident Analysis (lessons learned) occurs after the incident is resolved to improve future response capabilities.

Topics

#Incident Response #NIST SP 800-61 #Security Operations #Incident Handling Lifecycle
