nerdexam
CompTIA

SY0-301 · Question #534

During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?

The correct answer is B. Preparation. Defenses against malware - such as deploying antivirus software, configuring firewalls, establishing patch management procedures, and creating security baselines - are proactive measures put in place before incidents occur. This is the hallmark of the Preparation phase. Identific

Security operations

Question

During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?

Options

  • ALessons Learned
  • BPreparation
  • CEradication
  • DIdentification

How the community answered

(38 responses)
  • A
    3% (1)
  • B
    87% (33)
  • C
    3% (1)
  • D
    8% (3)

Explanation

Defenses against malware - such as deploying antivirus software, configuring firewalls, establishing patch management procedures, and creating security baselines - are proactive measures put in place before incidents occur. This is the hallmark of the Preparation phase. Identification is about detecting that an incident has occurred. Eradication is about removing the threat after it has been identified. Lessons Learned is the post-incident review. Because implementing malware defenses is a pre-incident, preventive activity, it belongs in Preparation.

Topics

#incident response#preparation phase#malware defense#proactive controls

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice