GCIH Question #748: Real Exam Question with Answer & Explanation

The correct answer is A: Preparation. The Preparation phase of incident response is when analysts review policies, playbooks, and baseline data to ensure readiness before an incident occurs.

Question

During which phase of incident response would an analyst review the following data?

Exhibit

[Image: GCIH question #748 exhibit]

Options

  • A. Preparation
  • B. Reconnaissance
  • C. Detection
  • D. Enumeration

Explanation

The Preparation phase of incident response is when analysts review policies, playbooks, and baseline data to ensure readiness before an incident occurs.

Common mistakes.

  • B. Reconnaissance is a phase of an attacker's kill chain or attack lifecycle, not a recognized phase of the incident response process.
  • C. Detection (or Detection and Analysis) is the IR phase where analysts identify that an incident has occurred, not where preparatory data is reviewed.
  • D. Enumeration is a phase in an attack methodology used by threat actors, not a recognized phase of the incident response lifecycle.

Concept tested. Incident response lifecycle - Preparation phase activities

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
