nerdexam
ExamsGCIHQuestions#6
GIAC

GCIH · Question #6

GCIH Question #6: Real Exam Question with Answer & Explanation

The correct answer is A: Freeze the scene.. The primary goals of an incident handling team are operational - preserve evidence, contain damage, and restore systems - not administrative escalation. Informing higher authorities is a management communication task, not a core incident handling objective.

Question

Which of the following are the primary goals of the incident handling team? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AFreeze the scene.
  • BRepair any damage caused by an incident.
  • CPrevent any further damage.
  • DInform higher authorities.

Explanation

The primary goals of an incident handling team are operational - preserve evidence, contain damage, and restore systems - not administrative escalation. Informing higher authorities is a management communication task, not a core incident handling objective.

Common mistakes.

  • D. Informing higher authorities is a management and communications responsibility handled by organizational leadership or a designated communications officer, not a primary technical goal of the incident handling team itself.

Concept tested. Incident response team primary objectives and scope

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCIH Practice