Todd is a security administrator, who is responsible for responding to incidents. There has been a
virus outbreak. Which of the following is the final step Todd should take?
A.
Eradication
B.
Recovery
C.
AAR
D.
Containment
Explanation:
An after action review is the last phase. At this point it is important to evaluate how the breach occurred and learn from those mistakes.Answer option A is incorrect. Eradication is actually an early stage, immediately after containment.
Answer option D is incorrect. Containment is the first thing you do once you are aware of the attack.
Answer option B is incorrect. Recovery is actually the next to the last thing to do. That step occurs once the virus is eradicated, but before you do the after action review.