EC-Council


212-89 Question #92: Real Exam Question with Answer & Explanation

The correct answer is C. Post-incident activities.

Question

XYZ Inc. was affected by a malware attack, and James, the incident handling and response (IH&R) team member handling the incident, found that the root cause of the incident was a backdoor that had bypassed the security perimeter due to an existing vulnerability in the deployed firewall. James had contained the spread of the infection and removed the malware completely. The organization has now asked him to perform an incident impact assessment to identify the impact of the incident on the organization, and also to prepare a detailed report of the incident. Which of the following stages of the IH&R process is James working on?

Options

  • A. Notification
  • B. Evidence gathering and forensics analysis
  • C. Post-incident activities
  • D. Eradication

Explanation

James is working on the post-incident activities stage of the Incident Handling and Response (IH&R) process. After containing the spread of the infection and removing the malware, the focus shifts to assessing the impact of the incident on the organization and preparing a detailed report. This phase involves analyzing the extent of the damage, determining the cost of the attack, evaluating how well the incident was managed, and identifying lessons learned to improve future response efforts. The objective is to restore systems to normal operation, ensure no remnants of the threat remain, and implement measures to prevent recurrence.
