During which of the following phases of the Incident Response process should a security
administrator define and implement general defense against malware?

A.
Lessons Learned

B.
Preparation

C.
Eradication

D.
Identification

Explanation:
Incident response procedures involves: Preparation; Incident identification; Escalation and
notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First
responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss
control. It is important to stop malware before it ever gets hold of a system –thus you should know
which malware is out there and take defensive measures – this means preparation to guard
against malware infection should be done.