Last Updated on November 16, 2023 by InfraExam
The SOC team has just contained a cyber threat. Which two of the following post-incident activities should they perform? (Choose two.)
- creating post-incident reports, such as “lessons learned” from the incident
|Explanation & Hint:
Once a cyber threat has been contained, the following two post-incident activities should typically be performed:
The other options listed — triage, eradication, and quarantining — are parts of the incident response process but they are not post-incident activities. Triage is the initial phase of assessing and prioritizing incidents, eradication is the process of removing the threat from the environment (which might still be part of the active response rather than post-incident), and quarantining is a containment measure to prevent the spread of the threat, typically done before or during the incident response, not after.