A cybersecurity team needs to investigate several incidents. In which step of the NIST incident response life cycle are the tools and assets, required to do this investigation, acquired and deployed?
- detection and analysis
- preparation
- containment, eradication, and recovery,
- post-incident activities
| Explanation & Hint:
Preparation is the first phase of the incident response life cycle. In this phase the Computer Security Incident Response Team CSIRT is created and deployed. Also in this phase the tools and assets needed by the team to investigate incidents are acquired and deployed. |