200-201 · Question #272
200-201 Question #272: Real Exam Question with Answer & Explanation
The correct answer is A: detection and analysis. NIST SP 800-61 Rev. 2 outlines the Incident Response Lifecycle, which includes distinct phases for actively identifying and analyzing security incidents, as well as conducting crucial follow-up activities.
Question
Which two elements of the incident response process are stated in NIST SP 800-61 r2? (Choose two.)
Options
- Adetection and analysis
- Bpost-incident activity
- Cvulnerability scoring
- Dvulnerability management
- Erisk assessment
Explanation
NIST SP 800-61 Rev. 2 outlines the Incident Response Lifecycle, which includes distinct phases for actively identifying and analyzing security incidents, as well as conducting crucial follow-up activities.
Common mistakes.
- C. Vulnerability scoring is typically part of vulnerability management or risk assessment, not a distinct phase within the incident response process itself.
- D. Vulnerability management is a proactive process for identifying, assessing, and remediating vulnerabilities, which is separate from the reactive incident response process.
- E. Risk assessment is a broader security governance activity that identifies, evaluates, and prioritizes risks, rather than a specific step in handling an ongoing security incident.
Concept tested. NIST incident response phases
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
Community Discussion
No community discussion yet for this question.