312-50V13 · Question #209
Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skep
The correct answer is D. Incident triage. Option D (Incident Triage) is correct because triage is the IH&R phase where a security analyst examines a reported incident to determine and document critical details such as the type of attack, severity, target system, impact, propagation method, and vulnerabilities exploited -
Question
Options
- APreparation
- BEradication
- CIncident recording and assignment
- DIncident triage
How the community answered
(17 responses)- A6% (1)
- C12% (2)
- D82% (14)
Explanation
Option D (Incident Triage) is correct because triage is the IH&R phase where a security analyst examines a reported incident to determine and document critical details such as the type of attack, severity, target system, impact, propagation method, and vulnerabilities exploited - exactly what Robert performed when analyzing the compromised device.
Why the distractors are wrong:
- A (Preparation) involves establishing policies, tools, and response teams before an incident occurs, not analyzing one in progress.
- B (Eradication) comes after containment and focuses on removing the threat (e.g., deleting malware, patching vulnerabilities), not identifying incident details.
- C (Incident Recording and Assignment) is the initial step of simply logging the incident and assigning it to the appropriate personnel - it does not involve the deep technical analysis Robert performed.
Memory Tip: Think of triage like an emergency room nurse who quickly assesses a patient's condition, severity, and cause before treatment begins - similarly, Robert is "diagnosing" the incident by gathering key details before any remediation action is taken. If you see words like severity, impact, type of attack, or vulnerabilities exploited, think Triage.
Topics
Community Discussion
No community discussion yet for this question.