nerdexam
(ISC)2

CISSP-ISSAP · Question #114

Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?

The correct answer is D. Preparation phase. Preparation is correct because it is the foundational phase that occurs before any incident happens - it encompasses defining policies and rules, training and organizing the security team (collaborating human workforce), establishing backup and continuity plans, and conducting dr

Security Operations Architecture

Question

Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?

Options

  • AEradication phase
  • BRecovery phase
  • CContainment phase
  • DPreparation phase
  • EIdentification phase

How the community answered

(25 responses)
  • A
    4% (1)
  • D
    88% (22)
  • E
    8% (2)

Explanation

Preparation is correct because it is the foundational phase that occurs before any incident happens - it encompasses defining policies and rules, training and organizing the security team (collaborating human workforce), establishing backup and continuity plans, and conducting drills to validate those plans.

The distractors are wrong because each describes a reactive phase that only begins after an incident is detected: Identification (E) is about detecting and confirming that an incident has occurred; Containment (C) focuses on limiting the spread or damage of an active incident; Eradication (A) involves removing the threat (malware, compromised accounts, etc.) from the environment; and Recovery (B) is about restoring systems to normal operation after the threat is removed.

Memory tip: Think of Preparation as Pre-incident - everything with a "P" happens before the fire starts (Policies, Plans, Practice drills, People training). If the action only makes sense during or after an active incident, it belongs to one of the later phases.

Topics

#Incident Response Preparation#Incident Handling Phases#Crisis Management#Business Continuity Planning

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice