Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 110

An analyst received a ticket regarding degraded processing capability on one of the HR department's servers. On the same day, an engineer noticed that the antivirus software was disabled and was not able to determine when or why this occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?

Answer options

Correct answer: A

Explanation

The next phase in the investigation is Analysis, where the analyst will examine the incident to understand the scope and cause of the issue. Eradication (B) comes after the analysis phase and focuses on removing the threat. Detection (C) is about identifying incidents, and that identification has already occurred. Recovery (D) deals with restoring systems after an incident has been managed.