nerdexam
Cisco

210-255 · Question #63

Which component of the NIST SP800-61 r2 incident handling strategy reviews data?

The correct answer is D. post-incident analysis. The post-incident activity phase of NIST SP800-61 r2 is specifically where incident data is reviewed, lessons are documented, and process improvements are identified.

Security Policies and Procedures

Question

Which component of the NIST SP800-61 r2 incident handling strategy reviews data?

Options

  • Apreparation
  • Bdetection and analysis
  • Ccontainment, eradication, and recovery
  • Dpost-incident analysis

How the community answered

(53 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    6% (3)
  • D
    91% (48)

Why each option

The post-incident activity phase of NIST SP800-61 r2 is specifically where incident data is reviewed, lessons are documented, and process improvements are identified.

Apreparation

Preparation focuses on building incident handling capability, acquiring tools, and establishing policies before incidents occur, not reviewing data from completed incidents.

Bdetection and analysis

Detection and analysis is the active phase of identifying indicators of compromise and understanding an ongoing incident in real time, not a retrospective data review.

Ccontainment, eradication, and recovery

Containment, eradication, and recovery involves actively limiting damage, removing threats, and restoring systems during an incident - it is an operational response phase, not a data review phase.

Dpost-incident analysisCorrect

NIST SP800-61 r2 defines post-incident activity as the phase that includes a formal lessons-learned meeting and retrospective analysis of all data collected during the incident. This phase systematically examines what occurred, how effectively the team responded, and what procedural or technical changes should be implemented - making it the component explicitly responsible for reviewing incident data after resolution.

Concept tested: NIST SP800-61 r2 post-incident activity phase responsibilities

Source: https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final

Topics

#NIST SP800-61#incident response lifecycle#post-incident analysis#incident handling

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice