What is the first step in the incident response process?
The first step in incident response is preparation, which involves setting up policies, response plans, and tools to handle potential security incidents.
Why is it important to document each step of incident response?
Documentation provides a clear audit trail, supports legal actions, and helps improve future response efforts.
Which phase of incident response involves eliminating the root cause of an incident?
Eradication focuses on removing the cause of the incident, such as deleting malicious files or disabling compromised accounts.
What is the purpose of containment during an incident?
Containment limits the spread of the incident, minimizing damage and buying time for further analysis.
What should be included in an incident report?
An incident report should detail the timeline, affected systems, response actions, impact, and recommendations for improvement.
Why is post-incident review critical in the response process?
Post-incident reviews help identify gaps, refine processes, and prevent recurrence of similar incidents.