Exam 350-201 topic 1 question 25 discussion

For me answer is wrong. According to: https://www.cynet.com/incident-response/nist-incident-response/ For me correct answer is: Eradicate - Eliminate the root cause of the breach and apply updates to the system Contain - Determine where the breach started and prevent the attack from spreading Post-Incident Handling - Analyze and document the breach and strengthen systems against future attacks Recover - Get systems and business operations up and running and ensure that the same type of attack does not occur again Analyze - Determine how the breach was discovered and the areas that are impacted Prepare - Conduct incident response role training for employees

The steps and the corresponding actions that occur at each step are: Prepare: Conduct incident response role training for employees. Analyze: Determine how the breach was discovered and the areas that were impacted. Contain: Determine where the breach started and prevent the attack from spreading. Eradicate: Eliminate the root cause of the breach and apply updates to the system. Recover: Get systems and business operations up and running and ensure that the same type of attack does not occur again. Post-incident handling: Review and document the breach and strengthen systems against future attacks. Note that these steps follow the NIST incident response framework, which provides a systematic approach to responding to cybersecurity incidents. The actions listed for each step are intended to help organizations respond to cybersecurity incidents efficiently and effectively. - ChatGPT

Agree with Keannan anwers. ADMIN DO SOMETHING STOP DELETING MESSAGES.

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf Preparation Detect and ANALYZE Containment Eradicate Recovery Post-Incident Activity

Keannan is correct. The answer is wrong. Keannan's one is all correct