You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify a Denial of Service (DoS) attack from a network linked to your internal enterprise network. Which of the following phases of the Incident handling process should you follow next to handle this incident?
A. Containment
B. Preparation
C. Recovery
D. Identification
Explanation:
After the identification of the DoS attack, you need to disconnect the link to the network from which the attack is being performed. The Containment phase should be followed until eradication of and recovery from the attack are done.
The Containment phase of the Incident handling process is responsible for supporting and building up the incident combating process. It ensures the stability of the system and also confirms that the incident does not get any worse. The Containment phase includes the process of preventing further contamination of the system or network, and preserving the evidence of the contamination.
Answer option D is incorrect. The Identification phase of the Incident handling process is the stage at which the Incident handler evaluates the critical level of an incident for an enterprise or system. It is an important stage where the distinction between an event and an incident is determined, measured and tested.
Answer option C is incorrect. The Recovery phase of the Incident handling process is the stage at which the enterprise or the system is settled back to its balanced production state. It involves quality assurance tests and re-evaluation of the system for the purpose of system revival or recovery.
Answer option B is incorrect. The Preparation phase of the Incident handling process is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise. Preparation is the phase of Incident handling that involves the following processes:
Establishing applicable policies
Building relationships with key players
Building a response kit
Establishing a communication plan
Creating incident checklists
Performing threat modeling
Building an incident response team