Exam CISSP-ISSAP topic 1 question 34 discussion

A. Containment. Containment involves implementing measures to prevent further damage and minimize the impact of an incident. In the case of a DOS attack, this could involve isolating affected systems or networks, blocking traffic from known malicious IP addresses, adjusting firewall rules to filter out malicious traffic patterns, or utilizing load balancers to distribute incoming requests more effectively. Once containment has been achieved and immediate threats have been neutralized, the incident handler can then proceed to other phases such as identification (to determine how and why the incident occurred), recovery (to restore affected services or systems), and preparation (to implement preventive measures for future incidents). in this specific scenario where it has already been identified that the problem is a Denial of Service (DOS) attack, the next phase in the Incident handling process should not be Identification. Since you have already identified that it is a DOS attack from a network linked to your internal enterprise network, the next phase should indeed be A. Containment. The Containment phase involves taking immediate actions to mitigate and limit further damage caused by the incident, as mentioned earlier.