CompTIA

SY0-301 Question #532: Real Exam Question with Answer & Explanation

The correct answer is D: Preparation.

Question

The Chief Technical Officer (CTO) has tasked the Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?

Options

  • A. Lessons Learned
  • B. Eradication
  • C. Recovery
  • D. Preparation

Explanation

The Incident Handling process (as defined by NIST and similar frameworks) includes Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. Preparation is the phase that occurs before any incident takes place and focuses on building the capability to respond. This includes creating and maintaining policies and procedures (IOPs, SOPs), training staff, acquiring tools, and establishing communication plans. Since the team is developing documentation to be ready for future incidents, this is clearly the Preparation phase. The other options (Lessons Learned, Eradication, Recovery) all occur after an incident has already begun.
