
CERTIFIED-IN-CYBERSECURITY Question #131: Real Exam Question with Answer & Explanation

The correct answer is B: Identification. The identification phase of an incident response process involves recognizing the signs of a security incident, understanding its impact, and prioritizing the response. Indicators of compromise and log analysis are key tools used in this phase to review events and identify potential security incidents.

Incident Response Concepts

Question

In an incident response process, which phase uses indicators of compromise and log analysis as part of a review of events?

Options

  • A. Containment
  • B. Identification
  • C. Preparation
  • D. Remediation

Explanation

The identification phase of an incident response process involves recognizing the signs of a security incident, understanding its impact, and prioritizing the response. Indicators of compromise and log analysis are key tools used in this phase to review events and identify potential security incidents. For example, suppose an organization's network monitoring system detects unusual traffic patterns. The cybersecurity team would then use indicators of compromise, such as known malicious IP addresses or unusual file modifications, to determine whether a security incident has occurred. They would also analyze logs from various systems to identify any abnormal activity that could indicate an attack.

The remaining options are incorrect because they represent other phases of the incident response process that do not primarily involve the use of indicators of compromise and log analysis. Specifically, preparation involves developing the tools, processes, and procedures necessary to respond to potential incidents. Containment is the phase of limiting the impact of the incident to prevent further damage, and remediation involves removing the threat from the system and restoring any affected

Topics

#IncidentResponse · #IncidentDetection · #IndicatorsOfCompromise · #LogAnalysis
