CAS-005 Question #295: Real Exam Question with Answer & Explanation
The correct answer is B: Containment.
Question
A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack. Which of the following is the next step of the incident response plan?
Options
- A. Remediation
- B. Containment
- C. Response
- D. Recovery
Explanation
Incident response follows a standard process (e.g., NIST 800-61): Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned. After identifying the attack (file and origin), the next step is Containment: limiting the spread or impact (e.g., isolating systems) before remediation or recovery.