EC-Council
312-39 · Question #4
312-39 Question #4: Real Exam Question with Answer & Explanation
Sign in or unlock 312-39 to reveal the answer and full explanation for question #4. The question stem and answer options stay visible for context.
Question
One week after a ransomware attack disrupted operations, Sarah, a SOC analyst, leads a review meeting with the IT team, security engineers, and business unit representatives. The group reviews the incident timeline, calculates a business impact of $157,000 due to downtime and data loss, and identifies seven critical improvements to enhance detection and response processes. Which of the following Incident Response phase is this?
Options
- ARecovery
- BPost-Incident Activities
- CEradication
- DContainment
Unlock 312-39 to see the answer
You've previewed enough free 312-39 questions. Unlock 312-39 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.