which of the following phases of the Incident Response process should a security administrator defin

During which of the following phases of the Incident Response process should a security
administrator define and implement general defense against malware?

A.
Lessons Learned

B.
Preparation

C.
Eradication

D.
Identification