210-255 · Question #13
Which element is part of an incident response plan?
The correct answer is A. organizational approach to incident response. An incident response plan centers on defining the organizational approach to detecting, responding to, and recovering from security incidents. The other options describe separate planning domains outside the scope of incident response.
Question
Which element is part of an incident response plan?
Options
- Aorganizational approach to incident response
- Borganizational approach to security
- Cdisaster recovery
- Dbackups
How the community answered
(50 responses)- A88% (44)
- B2% (1)
- C6% (3)
- D4% (2)
Why each option
An incident response plan centers on defining the organizational approach to detecting, responding to, and recovering from security incidents. The other options describe separate planning domains outside the scope of incident response.
NIST SP 800-61 r2 defines an incident response plan as primarily establishing the organizational approach to incident response, including roles, responsibilities, communication channels, and response procedures that guide teams during a security incident.
Organizational approach to security describes the broader security program and posture, which is a higher-level concept not specific to incident response planning.
Disaster recovery is a business continuity planning element focused on restoring critical operations after a major disruption, and it is maintained separately from an incident response plan.
Backups are a data protection control used in recovery operations, not a defining element of an incident response plan.
Concept tested: Core elements of an incident response plan
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
Community Discussion
No community discussion yet for this question.