Practice Test Question-Incident Response Stages

Practice Test Question-Incident Response Stages

Practice Test Question-Incident Response Stages

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

In which stage of the incident response process should incident responders work to isolate affected systems from the rest of the network?

A. Preparation

B. Detection and Analysis

C. Containment, Eradication and Recovery

D. Post-Incident Activity

Correct Answer: C

Isolating affected systems is one of the first steps toward containing an incident. It occurs after the incident is detected during the containment, eradication, and recovery phase of incident response. The Preparation phase and the detection and analysis phase occur before this step. Post-incident activity does not occur until after this step.

 

Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!

No Comments

Post A Comment