GIAC
GCIH · Question #623
GCIH Question #623: Real Exam Question with Answer & Explanation
Sign in or unlock GCIH to reveal the answer and full explanation for question #623. The question stem and answer options stay visible for context.
Incident Response & Cyber Kill Chain
Question
An incident handler concluded that a recent breach could have been prevented with a software patch. In their report they recommended the organization perform regular vulnerability scans, document the findings and update software assets. Six months later the incident handler investigates a new breach and concludes the web server was infected due to an outdated version of a Content Management System (CMS). Based on this information, what part of the incident handling process does the organization need to improve?
Options
- ADisabling unused software to prevent infection
- BIdentifying and responding to incidents quickly
- CFollowing up on post-incident recommendations
- DMaintaining time-stamped logs of user activity
Unlock GCIH to see the answer
You've previewed enough free GCIH questions. Unlock GCIH for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#post-incident review#patch management#lessons learned#incident handling lifecycle