nerdexam
Cisco

210-255 · Question #28

Which information must be left out of a final incident report?

The correct answer is A. server hardware configurations. A final incident report should focus on security-relevant details of the event, and specific server hardware configurations are excluded because they expose sensitive infrastructure details that could create additional security risks.

Security Policies and Procedures

Question

Which information must be left out of a final incident report?

Options

  • Aserver hardware configurations
  • Bexploit or vulnerability used
  • Cimpact and/or the financial loss
  • Dhow the incident was detected

How the community answered

(34 responses)
  • A
    91% (31)
  • C
    6% (2)
  • D
    3% (1)

Why each option

A final incident report should focus on security-relevant details of the event, and specific server hardware configurations are excluded because they expose sensitive infrastructure details that could create additional security risks.

Aserver hardware configurationsCorrect

Server hardware configurations are operationally sensitive details that are not relevant to documenting the security incident itself, and including them in a final report could expose the organization to further risk if the report is shared with stakeholders, executives, or third parties. Incident reports are intended to document what happened, the impact, detection methods, and remediation steps.

Bexploit or vulnerability used

The exploit or vulnerability used must be included so that the organization and stakeholders can understand the attack vector and take corrective action to prevent recurrence.

Cimpact and/or the financial loss

Impact and financial loss must be included to inform management, justify remediation costs, and satisfy regulatory or insurance reporting requirements.

Dhow the incident was detected

How the incident was detected must be included to evaluate detection capabilities and improve future response times.

Concept tested: Incident response reporting - required and excluded content

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#incident reporting#documentation#report contents#incident response

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice