nerdexam
(ISC)2

CISSP-ISSAP · Question #21

You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected vir

The correct answer is A. Eradication. Eradication is correct because this phase focuses on removing the root cause of the incident - in this case, deploying the newly created virus signature to security tools (antivirus, IDS/IPS) to detect and eliminate all instances of the malware from the network. Why the distracto

Security Operations Architecture

Question

You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?

Options

  • AEradication
  • BIdentification
  • CRecovery
  • DContainment

How the community answered

(30 responses)
  • A
    80% (24)
  • B
    3% (1)
  • C
    7% (2)
  • D
    10% (3)

Explanation

Eradication is correct because this phase focuses on removing the root cause of the incident - in this case, deploying the newly created virus signature to security tools (antivirus, IDS/IPS) to detect and eliminate all instances of the malware from the network.

Why the distractors are wrong:

  • Identification (B) is where you detect and analyze the incident and create the signature - the signature is produced here, not deployed.
  • Containment (D) limits the spread of the incident (e.g., isolating infected systems) but doesn't remove the threat; it happens before eradication.
  • Recovery (C) restores systems to normal operation after the threat is removed - it assumes eradication is already complete.

Memory tip: Think of the phases in order - Identify the threat → Contain the spread → Eradicate the cause → Recover systems. The signature is built during Identification and used during Eradication, just like you'd identify a disease before prescribing the cure.

Topics

#Incident Eradication#Malware Signature#Incident Response#Virus Detection

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice