GCFA Question #189: Real Exam Question with Answer & Explanation
The correct answer is E. Preparation phase. The Preparation phase is the pre-incident phase where organizations define policies, train teams, create backup plans, and test response procedures before any incident occurs.
Question
Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?
Options
- A. Recovery phase
- B. Eradication phase
- C. Identification phase
- D. Containment phase
- E. Preparation phase
Explanation
The Preparation phase is the pre-incident phase where organizations define policies, train teams, create backup plans, and test response procedures before any incident occurs.
Common mistakes.
- A. The Recovery phase focuses on restoring affected systems and services to normal operation after threats have been removed, not on defining rules or creating plans.
- B. The Eradication phase is concerned with removing the root cause of the incident, such as deleting malware or patching vulnerabilities, not with pre-incident planning or workforce organization.
- C. The Identification phase involves detecting, logging, and confirming that a security incident has occurred, not defining rules or building response infrastructure.
- D. The Containment phase focuses on limiting the spread and damage of an active incident, not on workforce collaboration or plan development.
Concept tested. Incident response lifecycle - Preparation phase responsibilities
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf