07 Oct Practice Test Question – Incident Response
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
After an incident responder identifies that a security incident is in progress, what is the next step in the incident response process?
Correct Answer: D
After identifying an incident, the team should next move into the containment phase where they seek to limit the damage caused by the incident. Containment occurs prior to the eradication and recovery phases. The preparation phase occurs before incident identification.