You work as a Senior Marketing Manager for Umbrella Inc. You find out that some of the software
applications on the systems were malfunctioning and that you were unable to access your remote
desktop session. You suspected that a malicious attack had been performed on the company's
network. You immediately called the incident response team to handle the situation, and the team
asked the Network Administrator for all relevant information regarding the malfunctions. The
Network Administrator informed the incident response team that he was reviewing the security of
the network, which caused all these problems. The incident response team announced that this was a
controlled event, not an incident.
Which of the following steps of an incident handling process was performed by the incident
response team?
A. Containment
B. Eradication
C. Preparation
D. Identification
Explanation:
According to the question, the incident response team announced that this was a controlled event,
not an incident. The incident response team performed the identification step to rectify the incident.
Identification is the first post-attack step in the incident handling process. In this phase of the
incident handling process, the Incident Handler determines whether an incident exists or not. An
incident is described as an event in a system or network that poses a threat to the environment.
Identification of an incident becomes more difficult as the complexity of the attack increases. The
Incident Handler should gather all facts and make decisions on the basis of those facts. The Incident
Handler needs to identify the following characteristics of an attack before it can be properly processed.