During which of the following phases of the Incident Response process should a security administrator define
and implement general defense against malware?
Incident response procedures involve: Preparation; Incident identification; Escalation and notification; Mitigation
steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation
(Quarantine; Device removal); Data breach; Damage and loss control. It is important to stop malware before it
ever gets hold of a system –thus, you should know which malware is out there and take defensive measures –
this means preparation to guard against malware infection should be done.