GCIH Question #279: Real Exam Question with Answer & Explanation
The correct answer is C: Create incident checklists. Creating incident checklists is the most efficient way to ensure all incident response steps are completed consistently without adding significant administrative burden.
Incident Response & Cyber Kill Chain
Question
Adam works as an Incident Handler for Umbrella Inc. His recent actions towards the incident are not up to the standard norms of the company. He always forgets some steps and procedures while handling responses as they are very hectic to perform. Which of the following steps should Adam take to overcome this problem with the least administrative effort?
Options
- A. Create incident manual read it every time incident occurs.
- B. Appoint someone else to check the procedures.
- C. Create incident checklists.
- D. Create new sub-team to keep check.
Explanation
Creating incident checklists is the most efficient way to ensure all incident response steps are completed consistently without adding significant administrative burden.
Common mistakes.
- A. Reading an incident manual each time an incident occurs is time-consuming and increases cognitive load during a hectic response, representing high administrative effort rather than the least effort.
- B. Appointing another person to verify procedures adds staffing overhead and creates a dependency that may not be available during every incident.
- D. Creating a sub-team incurs significant administrative, training, and coordination overhead, far exceeding what is needed to solve a procedural consistency problem.
Concept tested. Incident response checklist and least administrative effort
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
#incident response #checklists #incident handling procedures #administrative efficiency