232k views
0 votes
Which one of the phases of incident response involves primarily active undertakings designed to limit the damage that an attacker might cause?

A. Containment, Eradication, and Recovery
B. Preparation
C. Post-Incident Activity
D. Detection and Analysis

1 Answer

7 votes

Final answer:

The phase of incident response that involves primarily active undertakings designed to limit the damage that an attacker might cause is Containment, Eradication, and Recovery. This may involve actions like disabling compromised user accounts, blocking network traffic from the attacker, and restoring systems from backups.

Step-by-step explanation:

The phase of incident response that involves primarily active undertakings designed to limit the damage that an attacker might cause is Containment, Eradication, and Recovery. In this phase, the focus is on isolating the affected systems or networks, stopping the attack, and minimizing further damage. This may involve actions like disabling compromised user accounts, blocking network traffic from the attacker, and restoring systems from backups.

User Greg Spears
by
8.0k points
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.