210-255 · Question #28
Which information must be left out of a final incident report?
The correct answer is A. server hardware configurations. A final incident report should focus on security-relevant details of the event, and specific server hardware configurations are excluded because they expose sensitive infrastructure details that could create additional security risks.
Question
Which information must be left out of a final incident report?
Options
- Aserver hardware configurations
- Bexploit or vulnerability used
- Cimpact and/or the financial loss
- Dhow the incident was detected
How the community answered
(34 responses)- A91% (31)
- C6% (2)
- D3% (1)
Why each option
A final incident report should focus on security-relevant details of the event, and specific server hardware configurations are excluded because they expose sensitive infrastructure details that could create additional security risks.
Server hardware configurations are operationally sensitive details that are not relevant to documenting the security incident itself, and including them in a final report could expose the organization to further risk if the report is shared with stakeholders, executives, or third parties. Incident reports are intended to document what happened, the impact, detection methods, and remediation steps.
The exploit or vulnerability used must be included so that the organization and stakeholders can understand the attack vector and take corrective action to prevent recurrence.
Impact and financial loss must be included to inform management, justify remediation costs, and satisfy regulatory or insurance reporting requirements.
How the incident was detected must be included to evaluate detection capabilities and improve future response times.
Concept tested: Incident response reporting - required and excluded content
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
Community Discussion
No community discussion yet for this question.