Which incident response step includes identifying all hosts affected by an attack?
A. detection and analysis
B. post-incident activity
C. preparation
D. containment, eradication, and recovery
Correct Answer: D
Explanation:
3.3.3 Identifying the Attacking Hosts
During incident handling, system owners and others sometimes want to or need to identify the attacking host or hosts. Although this information can be important, incident handlers should generally stay focused on containment, eradication, and recovery.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
The response phase, or containment, of incident response, is the point at which the incident response team begins interacting with affected systems and attempts to keep further damage from occurring as a result of the incident.