CertNexus Certified Cyber Secure Coder (CSC) — Question 19
An incident at a government agency has occurred and the following actions were taken:
- Users have regained access to email accounts
- Temporary VPN services have been removed
- Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated
- Temporary email servers have been decommissioned
Which of the following phases of the incident response process match the actions taken?
Answer options
- A. Containment
- B. Post-incident
- C. Recovery
- D. Identification
Correct answer: A
Explanation
The actions taken are part of the Containment phase, as they focus on limiting the impact of the incident and restoring services. The Recovery phase would involve more long-term restoration efforts, while the Post-incident phase deals with lessons learned after the incident has been resolved. Identification refers to detecting and defining the incident itself, which is not applicable here.