You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in
the network of your company. You develop a signature based on the characteristics of the detected
virus. Which of the following phases in the Incident handling process will utilize the signature to
resolve this incident?
A. Eradication
B. Identification
C. Recovery
D. Containment
Explanation:
The Eradication phase of the Incident handling process involves cleaning up the identified harmful incidents from the system. It includes analyzing the information that has been gathered to determine how the attack was committed. To prevent the incident from happening again, it is vital to recognize how it was carried out so that a prevention technique can be applied.
Answer option C is incorrect. The Recovery phase of the Incident handling process is the stage at which the enterprise or the system is returned to its balanced production state. It involves quality assurance tests and re-evaluation of the system for the purpose of system revival or recovery.
Answer option D is incorrect. The Containment phase of the Incident handling process is responsible for supporting and building up the incident combating process. It ensures the stability of the system and also confirms that the incident does not get any worse. The Containment phase includes the process of preventing further contamination of the system or network, and preserving the evidence of the contamination.
Answer option B is incorrect. The Identification phase of the Incident handling process is the stage at which the Incident handler evaluates the critical level of an incident for an enterprise or system. It is an important stage where the distinction between an event and an incident is determined, measured and tested.