CertNexus Certified Cyber Secure Coder (CSC) — Question 34

A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:
- Running antivirus scans on the affected user machines
- Checking department membership of affected users
- Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts
- Checking network monitoring tools for anomalous activities
Which of the following phases of the incident response process match the actions taken?

Answer options

Correct answer: A

Explanation

The correct answer is A, Identification, because the actions taken by the SOC analysts are aimed at identifying the nature and scope of the incident. The other options, Preparation, Recovery, and Containment, refer to different phases: planning ahead, restoring systems after an incident, and limiting the spread of the incident, respectively. None of these is the focus of the described actions.