Exam 312-50v13 topic 1 question 109 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 109
Topic #: 1

Attacker Lauren has gained the credentials of an organization’s internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

  • A. Incident triage
  • B. Preparation
  • C. Incident recording and assignment
  • D. Eradication
Suggested Answer: A

Comments

NikoTomas
1 month ago
Selected Answer: A
Correct: A (Incident Triage)
Incident Handling and Response (IH&R) phases:
1. Preparation: Establishing and training the incident response team, developing policies, deploying tools and resources.
2. Incident Recording and Assignment: Documenting reported incidents and assigning them to appropriate response personnel for investigation.
3. Incident Triage: Assessing and prioritizing incidents based on their severity, impact, and urgency to determine the appropriate response strategy.
4. Notification: Informing relevant stakeholders, management, affected parties, legal authorities, about the incident as per org. protocols.
5. Containment: Implementing measures to limit the spread and impact of the incident, such as isolating affected systems or networks.
Continuation below...
upvoted 1 times
NikoTomas
1 month ago
...continuation:
6. Evidence Gathering and Forensic Analysis: Collecting and analyzing data related to the incident to understand its origin, scope, and method of execution, ensuring evidence is preserved for potential legal proceedings.
7. Eradication: Removing the root cause, such as eliminating malware or closing vulnerabilities, to prevent recurrence.
8. Recovery: Restoring and validating the system functionality.
9. Post-Incident Activities: Conducting a review of the incident, identifying lessons learned, updating incident response plans, implementing improvements to enhance future response.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other