Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 243

A company's cyber security team performed a phishing simulation campaign for employees and performed security awareness trainings to affected personal. According to NIST.SP800-61, at which phase of incident response is this action?

Answer options

• A. post-incident activity phase
• B. detection and analyze phase
• C. preparation phase
• D. eradication and recovery phase

Correct answer: C

Explanation

The correct answer is C, as the preparation phase involves activities such as training employees and conducting simulations to enhance readiness against security incidents. Options A, B, and D refer to stages that occur after an incident has been detected or managed, which do not encompass proactive training and simulation efforts.