Question

After discovering a security incident and removing the affected files, an administrator disabled an unneeded service that led to the breach. Which of the following steps in the incident response process has the administrator just completed?
A. Containment
B. Eradication
C. Recovery
D. Identification

Answer 1

Answer:

A. Containment

Explanation:

• This Containment is important before an incident or damage to resources. Most events require control, so it is important when handling each event. Containment provides time to develop a solution strategy that is prevalent.
• Decisions Making decisions to facilitate an event is much easier if the decision is involved in predetermined strategies and processes. Organizations must define acceptable risks in dealing with events and develop strategies accordingly.
• Network prevention is a fast and powerful tool designed to give security administrators the power they need to detect and prevent threats.