Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 325

Which incidence response step includes identifying all hosts affected by an attack?

Answer options

• A. detection and analysis
• B. post-incident activity
• C. preparation
• D. containment, eradication, and recovery

Correct answer: A

Explanation

The correct answer is A, as the detection and analysis phase is focused on identifying the scope of the incident, including affected hosts. The other options do not specifically address the identification of impacted systems; post-incident activity is about reviewing the response, preparation is about readiness before an incident, and containment, eradication, and recovery involve managing the incident after identification.