SY0-301 · Question #534
During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?
The correct answer is B. Preparation. Defenses against malware - such as deploying antivirus software, configuring firewalls, establishing patch management procedures, and creating security baselines - are proactive measures put in place before incidents occur. This is the hallmark of the Preparation phase. Identific
Question
During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?
Options
- ALessons Learned
- BPreparation
- CEradication
- DIdentification
How the community answered
(38 responses)- A3% (1)
- B87% (33)
- C3% (1)
- D8% (3)
Explanation
Defenses against malware - such as deploying antivirus software, configuring firewalls, establishing patch management procedures, and creating security baselines - are proactive measures put in place before incidents occur. This is the hallmark of the Preparation phase. Identification is about detecting that an incident has occurred. Eradication is about removing the threat after it has been identified. Lessons Learned is the post-incident review. Because implementing malware defenses is a pre-incident, preventive activity, it belongs in Preparation.
Topics
Community Discussion
No community discussion yet for this question.