
312-50V13 Question #209: Real Exam Question with Answer & Explanation

The correct answer is D: Incident triage.

Submitted by thandi_sa · Mar 6, 2026 · Introduction to Ethical Hacking

Question

Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

Options

  • A. Preparation
  • B. Eradication
  • C. Incident recording and assignment
  • D. Incident triage

Explanation

Option D (Incident Triage) is correct because triage is the IH&R phase where a security analyst examines a reported incident to determine and document critical details such as the type of attack, severity, target system, impact, propagation method, and vulnerabilities exploited - exactly what Robert performed when analyzing the compromised device.

Why the distractors are wrong:

  • A (Preparation) involves establishing policies, tools, and response teams before an incident occurs, not analyzing one in progress.
  • B (Eradication) comes after containment and focuses on removing the threat (e.g., deleting malware, patching vulnerabilities), not identifying incident details.
  • C (Incident Recording and Assignment) is the initial step of simply logging the incident and assigning it to the appropriate personnel - it does not involve the deep technical analysis Robert performed.

Memory Tip: Think of triage like an emergency room nurse who quickly assesses a patient's condition, severity, and cause before treatment begins - similarly, Robert is "diagnosing" the incident by gathering key details before any remediation action is taken. If you see words like severity, impact, type of attack, or vulnerabilities exploited, think Triage.

Topics

#Incident Handling #Incident Response #Incident Triage #Cybersecurity Operations
