Answer is B.
The incident is suspected and the IR team is engaged, which means it's major and the next step would be Response, which is not the choice here. Then Mitigate (or Containment Strategy), which is B.
Haha, so many people blindly picking B and not reading the question. It's NOT B and it's NOT validate the incident. If the IR team has been activated, it's already been decided that it's an incident. Incident Response is Detect --> respond --> mitigate (contain) --> report --> remediate --> etc.
B. Record all facts regarding the incident.
When the incident is suspected, you want to record all facts to help confirm if it becomes an actual incident. Once it becomes confirmed as an actual incident, then containment is the next course of action.
B seems a bit off because of the "record all facts", it should say "record all known facts". So it almost seems like it would be at the end when you know "all" facts. When you get an incident call you log it in the ticketing system first, so that's the start.
I did some research and verified: step 2, "Detection & Analysis", states "Incident documentation: If the signal proves valid, the IR team must begin documenting all facts in relation to the incident and continue logging all actions taken throughout the process."
Containment is step #3.
https://www.crowdstrike.com/cybersecurity-101/incident-response/incident-response-steps/
B. An incident response team that suspects that an incident has occurred should immediately start recording all facts regarding the incident.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Containment is the first priority when responding to an incident. The incident response team must act quickly to contain the incident, limit the damage and prevent further spread. After the incident is contained, the team can begin to gather information and assess the situation. They can then identify the attacker, record all facts, and notify management as appropriate. But the immediate priority is to contain the incident.
1460168, 3 months, 2 weeks ago
Amit3, 7 months, 1 week ago
eboehm, 7 months, 2 weeks ago
Hongjun, 7 months, 4 weeks ago
Soleandheel, 11 months, 1 week ago
HughJassole, 1 year, 5 months ago
Watcher009, 1 year, 6 months ago
jackdryan, 1 year, 6 months ago
DASH_v, 1 year, 6 months ago
[Removed], 1 year, 7 months ago
emrys, 1 year, 8 months ago