Which of the following best describes the activities within the detection and investigation portion of the incident response plan?
A. Incident declaration, internal notification, and activation of an incident response team
B. Steps taken to prevent the incident from spreading
C. Establishing processes and a knowledge base to accurately detect and assess precursors and indicators
D. Elimination of components of the incident
Answer: C
Explanation: The detection and investigation portion of the incident response plan includes establishing processes and a knowledge base to accurately detect and assess precursors and indicators. Incident declaration, internal notification, and activation of an incident response team is part of an initial response. Containment includes the steps taken to prevent the incident from spreading. Eradication and recovery includes the elimination of components of the incident.
You might also like to view...
The Big Three consists of which three from this list?
a) Default constructor b) Copy constructor c) Constructor with two parameters d) destructor e) Operator=
Distributed computing that uses a group of computers in one location is called grid computing
Indicate whether the statement is true or false
A risk in using a ________ video is a potential problem with missing or broken links
Fill in the blank(s) with correct word
The equal sign (=) is the C# assignment operator.
Answer the following statement true (T) or false (F)