
GCIH Question #491: Real Exam Question with Answer & Explanation

The correct answer is A: Preparation. The Preparation phase is when organizations proactively develop policies, procedures, and defenses before incidents occur. Patch management and encryption policies are preventive controls established during this phase to reduce the risk of worm attacks.

Question

During which Incident Handling phase would steps for preventing successful worm attacks occur, such as developing patch management and file encryption policies and processes?

Options

  • A. Preparation
  • B. Containment
  • C. Identification
  • D. Eradication
  • E. Recovery

Explanation

The Preparation phase is when organizations proactively develop policies, procedures, and defenses before incidents occur. Patch management and encryption policies are preventive controls established during this phase to reduce the risk of worm attacks.

Common mistakes.

  • B. Containment focuses on limiting the spread and damage of an active, in-progress incident, not on developing preventive policies.
  • C. Identification focuses on detecting and confirming that an incident has occurred, not on creating preventive policies or controls.
  • D. Eradication focuses on removing the threat from systems after the incident has been contained, not on building preventive policy frameworks.
  • E. Recovery focuses on restoring affected systems to normal operation after eradication, not on developing preventive policies.

Concept tested. Incident handling Preparation phase activities

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
