Which two activities fall under scoping?

In the context of incident handling phases, which two activities fall under scoping? (Choose two.)
A. determining the number of attackers that are associated with a security incident
B. ascertaining the number and types of vulnerabilities on your network
C. identifying the extent that a security incident is impacting protected resources on the network
D. determining what and how much data may have been affected
E. identifying the attackers that are associated with a security incident


10 thoughts on “Which two activities fall under scoping?”

  1. According to this text from NIST SP800-61r2: “When the team believes that an incident has occurred, the team should rapidly perform an initial analysis to determine the incident’s scope, such as which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring (e.g., what tools or attack methods are being used, what vulnerabilities are being exploited). The initial analysis should provide enough information for the team to prioritize subsequent activities, such as containment of the incident and deeper analysis of the effects of the incident.”, the right answers could be C & E. D is tempting but it looks like something that may not be determined at the beginning.

  2. From Logic’s explanation, I’d choose C and D. Scoping doesn’t really involve finding the attacker, does it?

  3. Correct D & E

    The information below was taken from NIST SP800-61 r2, page 38:

    When the team believes that an incident has occurred, the team should rapidly perform an initial analysis to determine the incident’s scope, such as which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring (e.g., what tools or attack methods are being used, what vulnerabilities are being exploited). The initial analysis should provide enough information for the team to prioritize subsequent activities, such as containment of the incident and deeper analysis of the effects of the incident.

    1. What you mentioned is listed under section 3.2.4 Incident Analysis. Answer E (identifying the attackers) is mentioned in section 3.3.3 Identifying the Attacking Host. Sooo… Scope doesn't not include answer D. The correct answer is CD.
