It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?
A. Containment
B. Eradication
C. Recovery
D. Discovery
EC-Council Certified Ethical Hacker v11Free dumps for 312-50v11 in Printable PDF format.High quality PDF and software. VALID exam to help you pass. |
 |
|
Download Printable PDF. VALID exam to help you PASS. |
|
The incident response phases are:
Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned
Containment
When a breach is first discovered, your initial instinct may be to securely delete everything so you can just get rid of it. However, that will likely hurt you in the long run since you’ll be destroying valuable evidence that you need to determine where the breach started and devise a plan to prevent it from happening again.
Instead, contain the breach so it doesn’t spread and cause further damage to your business. If you can, disconnect affected devices from the Internet. Have short-term and long-term containment strategies ready. It’s also good to have a redundant system back-up to help restore business operations. That way, any compromised data isn’t lost forever.
This is also a good time to update and patch your systems, review your remote access protocols (requiring mandatory multi-factor authentication), change all user and administrative access credentials and harden all passwords
Containment