CERTIFIED-IN-CYBERSECURITY · Question #248
CERTIFIED-IN-CYBERSECURITY Question #248: Real Exam Question with Answer & Explanation
The correct answer is A: Containment. During the containment phase of the incident response process, security administrators work to minimize the impact or extent of an incident (see ISC2 Study Guide, Module 1, under Incident Response). This may involve containing the incident, isolating affected systems, and impleme
Question
What phase of the incident response process is aimed at minimizing the impact or extent of an incident?
Options
- AContainment
- BResponse
- CDetection
- DRecovery
Explanation
During the containment phase of the incident response process, security administrators work to minimize the impact or extent of an incident (see ISC2 Study Guide, Module 1, under Incident Response). This may involve containing the incident, isolating affected systems, and implementing temporary fixes to prevent further damage. For example, in the containment phase of a ransomware attack a security administrator would first isolate the infected systems to prevent the malware from spreading to other systems on the network. In addition, the network could be disconnected from the internet temporarily to prevent the attacker from gaining further access or transmitting stolen data. All these helps to minimize the damage and impact of the incident. The detection phase is focused on identifying that an incident has occurred. Response is the phase that involves taking immediate action to stop the incident. Recovery phase involves restoring systems to normal operations and implementing long-term fixes to prevent similar incidents from occurring in the future
Topics
Community Discussion
No community discussion yet for this question.