Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 280

A member of the SOC team is checking the dashboard provided by the Cisco Firepower Manager for further isolation actions. According to NIST.SP800-61, in which phase of incident response is this action?

Answer options

• A. post-incident activity phase
• B. detection and analyze phase
• C. preparation phase
• D. eradication and recovery phase

Correct answer: B

Explanation

The correct answer is B, as the action of checking the dashboard to assess the situation falls under the detection and analyze phase where incidents are identified and examined. The other options refer to different stages of the incident response process: A relates to activities after an incident, C is about readiness before incidents occur, and D involves resolving the incident and restoring systems.