nerdexam
Cisco

210-255 · Question #13

Which element is part of an incident response plan?

The correct answer is A. organizational approach to incident response. An incident response plan centers on defining the organizational approach to detecting, responding to, and recovering from security incidents. The other options describe separate planning domains outside the scope of incident response.

Security Policies and Procedures

Question

Which element is part of an incident response plan?

Options

  • Aorganizational approach to incident response
  • Borganizational approach to security
  • Cdisaster recovery
  • Dbackups

How the community answered

(50 responses)
  • A
    88% (44)
  • B
    2% (1)
  • C
    6% (3)
  • D
    4% (2)

Why each option

An incident response plan centers on defining the organizational approach to detecting, responding to, and recovering from security incidents. The other options describe separate planning domains outside the scope of incident response.

Aorganizational approach to incident responseCorrect

NIST SP 800-61 r2 defines an incident response plan as primarily establishing the organizational approach to incident response, including roles, responsibilities, communication channels, and response procedures that guide teams during a security incident.

Borganizational approach to security

Organizational approach to security describes the broader security program and posture, which is a higher-level concept not specific to incident response planning.

Cdisaster recovery

Disaster recovery is a business continuity planning element focused on restoring critical operations after a major disruption, and it is maintained separately from an incident response plan.

Dbackups

Backups are a data protection control used in recovery operations, not a defining element of an incident response plan.

Concept tested: Core elements of an incident response plan

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#incident response plan#IR procedures#security planning#organizational policy

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice