GSEC Question #294: Real Exam Question with Answer & Explanation

The correct answer is C. Ensuring that vulnerable code is not being restored. During the recovery phase of incident response, the most critical consideration is ensuring that the restored system does not reintroduce the same vulnerability that caused the incident.

Question

Which of the following is the key point to consider in the recovery phase of incident handling?

Options

  • A. Isolating the source of the compromise
  • B. Shutting down the system
  • C. Ensuring that vulnerable code is not being restored
  • D. Preparing the jump bag

Explanation

During the recovery phase of incident response, the most critical consideration is ensuring that the restored system does not reintroduce the same vulnerability that caused the incident.

Common mistakes.

  • A. Isolating the source of the compromise is an activity belonging to the containment phase, which occurs before recovery.
  • B. Shutting down a system is a containment or eradication action taken earlier in the incident lifecycle, not a recovery activity.
  • D. Preparing the jump bag (incident response toolkit) is a preparation phase activity completed before any incident occurs.

Concept tested. Incident response recovery phase key considerations

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
