(ISC)2(ISC)2
SSCP · Question #1151
SSCP Question #1151: Real Exam Question with Answer & Explanation
The correct answer is B: Prosecute. "Prosecute" is not a standard step in the cybersecurity incident response lifecycle, which focuses on technical and organizational actions to mitigate and learn from incidents.
Submitted by cyberguy42· Apr 18, 2026Incident Response and Recovery
Question
Each of the following is a valid step in handling incidents except ____________
Options
- AContain
- BProsecute
- CRecover
- DReview
- EIdentify
- FPrepare
Explanation
"Prosecute" is not a standard step in the cybersecurity incident response lifecycle, which focuses on technical and organizational actions to mitigate and learn from incidents.
Common mistakes.
- A. Containment is a crucial step to limit the scope and impact of an incident.
- C. Recovery is a vital step to restore affected systems and services to normal operation.
- D. Review (or Lessons Learned) is essential for improving future incident response capabilities.
- E. Identification is the initial step of determining whether an event is indeed an incident.
- F. Preparation is the foundational step that ensures an organization is ready to handle incidents effectively.
Concept tested. Incident response lifecycle (NIST SP 800-61)
Reference. https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
Topics
#Incident Response#Incident Handling Lifecycle#Incident Management
Community Discussion
No community discussion yet for this question.