What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?

An engineer discovered a breach, identified the threat’s entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?
A. Recover from the threat.
B. Analyze the threat.
C. Identify lessons learned from the threat.
D. Reduce the probability of similar threats.

One thought on “What is the next step the engineer should take according to the NIST SP 800-61 Incident handling guide?”

  1. Should be C. The actions of the engineer are describing the “Containment, Eradication and Recovery” Phase of the Incident Response Life Cycle of the NIST 800-61r2. The next phase is the “Post-Incident Activity” and its activities are: Lessons learned, Use Collected Incident Data and evidence Recollection. Reference: https://www.nist.gov/privacy-framework/nist-sp-800-61
