An organization has detected an ongoing cyber attack. They've isolated the affected systems and are now focused on removing the threat and securing the systems to prevent the same attack in the future. Which phase of incident response are they currently in?
- Containment
- Eradication and Recovery
- Identification and Detection
- Preparation and Prevention
The organization is in the 'Eradication and Recovery' phase of incident response, where they are actively working to remove the threat and recover affected systems. This phase follows detection and containment.
Loading...
Related Quiz
- Which of the following best describes an "insider threat"?
- Which of the following is NOT a recommended practice to prevent SQL injection?
- An attacker sets up a rogue wireless access point with the same SSID as a legitimate network to trick users into connecting to it. What is this type of attack called?
- SFTP and SCP both use which protocol as their underlying method for secure communication?
- A financial institution enforces a policy where users must change their passwords every 45 days, and the new password cannot be any of the last five passwords used. This policy is primarily designed to mitigate which type of threat?