Final answer:
The phase of incident response that involves primarily active undertakings designed to limit the damage that an attacker might cause is Containment, Eradication, and Recovery. This may involve actions like disabling compromised user accounts, blocking network traffic from the attacker, and restoring systems from backups.
Step-by-step explanation:
The phase of incident response that involves primarily active undertakings designed to limit the damage that an attacker might cause is Containment, Eradication, and Recovery. In this phase, the focus is on isolating the affected systems or networks, stopping the attack, and minimizing further damage. This may involve actions like disabling compromised user accounts, blocking network traffic from the attacker, and restoring systems from backups.