
210-255 Question #66: Real Exam Question with Answer & Explanation

The correct answer is D: determining that a security event has occurred. The identification phase of incident handling is focused on confirming and determining that an actual security incident has occurred, distinguishing real events from false positives.

Question

What is accomplished in the identification phase of incident handling?

Options

  • A. determining the responsible user
  • B. identifying source and destination IP addresses
  • C. defining the limits of your authority related to a security event
  • D. determining that a security event has occurred

Explanation

The identification phase of incident handling is focused on confirming and determining that an actual security incident has occurred, distinguishing real events from false positives.

Common mistakes.

  • A. Determining the responsible user is part of the investigation or forensics stage, which occurs after the incident has been identified and contained.
  • B. Identifying source and destination IP addresses is a technical analysis activity that occurs during the analysis or containment phase, not the initial identification phase.
  • C. Defining the limits of authority related to a security event is part of the preparation phase, where policies, roles, and rules of engagement are established before any incident occurs.

Concept tested. Incident response lifecycle - identification phase

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
