What task should be performed once a security incident has been verified?
A.
Identify the incident.
B.
Contain the incident.
C.
Determine the root cause of the incident.
D.
Perform a vulnerability assessment.
Explanation:
Identifying the incident means verifying whether an incident has occurred and finding out more
details about the incident. Once an incident has been confirmed (identified), the incident
management team should limit further exposure. Determining the root cause takes place after the
incident has been contained. Performing a vulnerability assessment takes place after the root
cause of an incident has been determined, in order to find new vulnerabilities.