What are four steps to manage incident response handling? (Choose four.)
A. preparation
B. qualify
C. identification
D. who
E. containment
F. recovery
G. eradication
H. lessons learned
Cisco official material says “Lessons Learned” is, sometimes, overlooked but it is a valuable step. The same material says step “Containment and Eradication” is sometimes tiered depending on the scope of the incident.
Also, “Recovery” is an important step because it’s when mitigation is applied. So, according to the official material, the steps for incident response are:
1. Preparation (important);
2. Detection and Analysis (important);
3. Containment and Eradication (can be tiered);
4. Recovery (important and necessary);
5. Lessons Learned (overlooked, but very important).
My alternatives for this question are:
A C F H
I noticed that “Containment and Eradication” is just one step in official study material, but in the question they are different alternatives and since we can only choose four alternatives… my choice is “Recovery” rather than “Containment” or “Eradication”.
For more, search for NIST 800-61, REVISION 2 on Google or access (if it is still available) http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
HTH,
Concerned Citizen