Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 301
A security analyst notices a sudden surge of incoming traffic and detects unknown packets from unknown senders. After further investigation, the analyst learns that customers claim that they cannot access company servers. According to NIST SP800-61, in which phase of the incident response process is the analyst?
Answer options
- A. preparation
- B. post-incident activity
- C. containment, eradication, and recovery
- D. detection and analysis
Correct answer: D
Explanation
The correct answer is D, detection and analysis: the analyst is still identifying and analyzing the event (the surge of unknown traffic and the customers' reports that company servers are unreachable) rather than responding to a confirmed incident. Options A and B are incorrect because preparation occurs before an incident is detected and post-incident activity occurs after it has been resolved. Option C is also incorrect because containment, eradication, and recovery pertain to responding to the incident rather than discovering and characterizing it.