  • Post last modified: June 12, 2024

The incident response phases can be grouped into detect, respond, and recover. Which of the following is not considered a step in any of these three phases?

  • preparation
  • lessons learned
  • retaliation
  • eradication
  • containment

Explanation & Hint:

Retaliation is not considered a step in any of the three primary incident response phases (detect, respond, and recover) in a standard incident response framework.

  1. Preparation – This is a proactive phase where an organization prepares for potential incidents, establishes policies, procedures, and response plans.
  2. Detection – In this phase, security teams identify and confirm the occurrence of an incident.
  3. Containment – Once an incident is detected, the goal is to contain it to prevent further damage or spread.
  4. Eradication – After containment, the focus is on completely removing the threat from the affected systems.
  5. Recovery – This phase involves restoring affected systems to normal operations.
  6. Lessons Learned – This is a critical post-incident phase where organizations review the incident, identify areas for improvement, and update their incident response processes based on the experience.

Retaliation, in the context of incident response, is not an appropriate action. Instead, the focus should be on containment, eradication, and recovery to minimize the impact of the incident and prevent future occurrences. Retaliation or offensive actions are typically not recommended and can lead to legal and ethical issues.

For more Questions and Answers:

Security Operations Center Post-Assessment | CBROPS