nerdexam
EC-Council

312-50V10 · Question #848

Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skep

The correct answer is D. Incident triage. Incident triage is the IH&R phase where an analyst examines a security incident to determine its type, severity, target, impact, propagation method, and exploited vulnerabilities. Robert's detailed device analysis matches the triage phase, not incident recording and assignment as

Information Security and Ethical Hacking Fundamentals

Question

Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

Options

  • APreparation
  • BEradication
  • CIncident recording and assignment
  • DIncident triage

How the community answered

(45 responses)
  • A
    2% (1)
  • B
    11% (5)
  • C
    7% (3)
  • D
    80% (36)

Why each option

Incident triage is the IH&R phase where an analyst examines a security incident to determine its type, severity, target, impact, propagation method, and exploited vulnerabilities. Robert's detailed device analysis matches the triage phase, not incident recording and assignment as the answer key states.

APreparation

Preparation is a proactive phase conducted before any incident occurs and involves building policies, response teams, communication plans, and tooling.

BEradication

Eradication involves removing malware, revoking attacker access, and patching exploited vulnerabilities after the threat has already been contained.

CIncident recording and assignment

Incident recording and assignment covers logging the initial incident report and routing it to the appropriate response team - not performing detailed technical analysis of attack characteristics and impact.

DIncident triageCorrect

The incident triage phase involves systematically analyzing a confirmed incident to characterize it - determining the attack type, severity rating, affected targets, organizational impact, propagation method, and which vulnerabilities were exploited - exactly the activities Robert performed on the compromised device. Triage provides the technical understanding required before containment or eradication can begin. This phase follows initial recording and assignment and focuses on deep technical investigation of the incident.

Concept tested: Incident triage phase in IH&R lifecycle

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#incident triage#incident handling#IH&R phases#attack analysis

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice