Which option is unnecessary for determining the appropriate containment strategy according to NIST.SP800-61 r2?
A. effectiveness of the strategy
B. time and resource needed to implement the strategy
C. need for evidence preservation
D. attack vector used to compromise the system
D is correct
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Criteria for determining the appropriate strategy include:
Potential damage to and theft of resources
Need for evidence preservation
Service availability (e.g., network connectivity, services provided to external parties)
Time and resources needed to implement the strategy
Effectiveness of the strategy (e.g., partial containment, full containment)
Duration of the solution (e.g., emergency workaround to be removed in four hours, temporary
workaround to be removed in two weeks, permanent solution).