CCSK Question #182: Real Exam Question with Answer & Explanation

The correct answer is C. Detection & Analysis.

Question

Which phase of the incident response lifecycle includes creating and validating alerts?

Options

  • A. Preparation
  • B. Containment, Eradication, Recovery
  • C. Detection & Analysis
  • D. Auditing & Logging
  • E. Post-mortem

Explanation

Security Guidance v4.0 > p.102 > 9.1.1 Incident Response Lifecycle:

  • Alerts [endpoint protection, network security monitoring creation, privilege escalation, other indicators of compromise (baseline and anomaly detection), and user behavior analytics]
  • Validate alerts (reducing false positives) and escalation.
