PrepAway - Latest Free Exam Questions & Answers

which step are you in?

In the course of responding to and handling an incident, you work on determining the root cause of the incident.
In which step are you in?

PrepAway - Latest Free Exam Questions & Answers

A.
Recovery

B.
Containment

C.
Triage

D.
Analysis and tracking

Explanation:
The analysis stage of the incident response procedure deals with the gathering of additional data to try and
figure out the root cause of the incident. Tracking can take place in parallel with the analysis and examination,
and deals with determining whether the source of the incident was internal or external and how the offender
infiltrated and gained access to the asset.
Incorrect Answers:A: The recovery stage of the incident response procedure deals with the implementation of the required solution
to make sure that this type of incident cannot recur.
B: The containment stage of the incident response procedure deals with isolating the incident based on the
category of the attack, the assets affected by the incident, and the criticality of those assets.
C: The triage stage of the incident response procedure deals with determining whether the reported event is an
incident and whether the incident-handling process should be started.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 1037-1040


Leave a Reply