CISSP-ISSAP · Question #114
Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?
The correct answer is D. Preparation phase. Preparation is correct because it is the foundational phase that occurs before any incident happens - it encompasses defining policies and rules, training and organizing the security team (collaborating human workforce), establishing backup and continuity plans, and conducting dr
Question
Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?
Options
- AEradication phase
- BRecovery phase
- CContainment phase
- DPreparation phase
- EIdentification phase
How the community answered
(25 responses)- A4% (1)
- D88% (22)
- E8% (2)
Explanation
Preparation is correct because it is the foundational phase that occurs before any incident happens - it encompasses defining policies and rules, training and organizing the security team (collaborating human workforce), establishing backup and continuity plans, and conducting drills to validate those plans.
The distractors are wrong because each describes a reactive phase that only begins after an incident is detected: Identification (E) is about detecting and confirming that an incident has occurred; Containment (C) focuses on limiting the spread or damage of an active incident; Eradication (A) involves removing the threat (malware, compromised accounts, etc.) from the environment; and Recovery (B) is about restoring systems to normal operation after the threat is removed.
Memory tip: Think of Preparation as Pre-incident - everything with a "P" happens before the fire starts (Policies, Plans, Practice drills, People training). If the action only makes sense during or after an active incident, it belongs to one of the later phases.
Topics
Community Discussion
No community discussion yet for this question.