Which incidence response step includes identifying all hosts affected by an attack?
A. detection and analysis
B. post-incident activity
C. preparation
D. containment, eradication, and recovery
Which incidence response step includes identifying all hosts affected by an attack?
A. detection and analysis
B. post-incident activity
C. preparation
D. containment, eradication, and recovery
Initial analysis includes “which networks, systems, or applications are affected”
Eradication and Recovery
“After an incident has been contained, eradication may be necessary to eliminate components of the
incident, such as deleting malware and disabling breached user accounts, as well as identifying and
mitigating all vulnerabilities that were exploited. During eradication, it is important to identify all affected
hosts within the organization so that they can be remediated”
-NIST.SP.800-61r2. page 46