312-50V9 · Question #374
Defining rules, collaborating human workforce, creating a backup plan, and testing the plans are within what phase of the Incident Handling Process?
The correct answer is A. Preparation phase. The Preparation phase of the Incident Handling Process is where organizations proactively build policies, train staff, and validate response plans before any incident occurs.
Question
Defining rules, collaborating human workforce, creating a backup plan, and testing the plans are within what phase of the Incident Handling Process?
Options
- APreparation phase
- BContainment phase
- CRecovery phase
- DIdentification phase
How the community answered
(27 responses)- A93% (25)
- B4% (1)
- D4% (1)
Why each option
The Preparation phase of the Incident Handling Process is where organizations proactively build policies, train staff, and validate response plans before any incident occurs.
The Preparation phase is the foundational pre-incident stage defined in NIST SP 800-61 where organizations establish security policies and rules, assign and train their human workforce, create backup and contingency plans, and test those plans through exercises or drills. Every activity listed in the question - defining rules, collaborating workforce, creating backup plans, and testing plans - is a preparation activity performed before an incident is detected.
The Containment phase focuses on limiting the spread and damage of an incident that is already in progress.
The Recovery phase involves restoring affected systems, services, and data to normal operation after an incident has been eradicated.
The Identification phase involves detecting events, analyzing indicators, and determining whether a security incident has actually occurred.
Concept tested: Incident Handling Process preparation phase activities
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
Community Discussion
No community discussion yet for this question.