
GCIH Question #368: Real Exam Question with Answer & Explanation

The correct answer is D: Containment.

Question

A helpdesk ticket has been escalated to the incident response team. According to the FIRST organization classification guidelines, during which incident response phase should the team document the following information?

  • Category: Compromised Intellectual Property
  • Criticality: High
  • Sensitivity: Restricted to response team and management

Options

  • A. Preparation
  • B. Eradication
  • C. Lessons Learned
  • D. Containment

Explanation

It is important to document various characteristics of the incident early on in the Containment phase. The FIRST organization distributes an incident Case Classification document that recommends characterizing an incident based on three areas: its general category, the criticality of impacted systems and data, and the sensitivity with which information about the case itself should be treated.
