John works as an Incident manager for TechWorld Inc. His task is to set up a wireless network for
his organization. For this, he needs to decide the appropriate devices and policies required to set
up the network. Which of the following phases of the incident handling process will help him
accomplish the task?

A.
Containment

B.
Recovery

C.
Preparation

D.
Eradication

Explanation:

Preparation is the first step in the incident handling process. It includes processes like backing up
copies of all key data on a regular basis, monitoring and updating software on a regular basis, and
creating and implementing a documented security policy. To apply this step a documented
security policy is formulated that outlines the responses to various incidents, as a reliable set of
instructions during the time of an incident. The following list contains items that the incident
handler should maintain in the preparation phase i.e. before an incident occurs:
Establish applicable policies
Build relationships with key players
Build response kit
Create incident checklists
Establish communication plan
Perform threat modeling
Build an incident response team
Practice the demo incidents
Answer option A is incorrect. The Containment phase of the Incident handling process is
responsible for supporting and building up the incident combating process. It ensures the stability

of the system and also confirms that the incident does not get any worse. The Containment phase
includes the process of preventing further contamination of the system or network, and preserving
the evidence of the contamination.
Answer option D is incorrect. The Eradication phase of the Incident handling process involves the
cleaning-up of the identified harmful incidents from the system. It includes the analyzing of the
information that has been gathered for determining how the attack was committed. To prevent the
incident from happening again, it is vital to recognize how it was conceded out so that a prevention
technique is applied.
Answer option B is incorrect. Recovery is the fifth step of the incident handling process. In this
phase, the Incident Handler places the system back into the working environment. In the recovery
phase the Incident Handler also works with the questions to validate that the system recovery is
successful. This involves testing the system to make sure that all the processes and functions are
working normal. The Incident Handler also monitors the system to make sure that the systems are
not compromised again. It looks for additional signs of attack.