nerdexam
Cisco

210-255 · Question #128

Which incident handling is focused on minimizing the impact of an incident?

The correct answer is C. Containment. Containment is the incident response phase specifically aimed at limiting the spread and minimizing the impact of an active incident.

Security Policies and Procedures

Question

Which incident handling is focused on minimizing the impact of an incident?

Options

  • AScoping
  • BReporting
  • CContainment
  • DEradication

How the community answered

(31 responses)
  • A
    6% (2)
  • B
    3% (1)
  • C
    87% (27)
  • D
    3% (1)

Why each option

Containment is the incident response phase specifically aimed at limiting the spread and minimizing the impact of an active incident.

AScoping

Scoping is concerned with determining the full extent and boundaries of an incident, not with stopping or limiting its damage.

BReporting

Reporting involves communicating incident details to stakeholders and authorities, which is a documentation and notification activity rather than a damage-limiting one.

CContainmentCorrect

Containment, as defined in NIST SP 800-61, is the phase where responders take immediate action to stop an incident from spreading further and reduce its damage - for example by isolating affected systems, blocking malicious IPs, or disabling compromised accounts. It is explicitly focused on minimizing impact before eradication and recovery begin.

DEradication

Eradication focuses on completely removing the threat (malware, backdoors, compromised credentials) after containment has already limited the impact.

Concept tested: Incident response containment phase purpose

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#incident response#containment#incident handling#impact minimization

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice