Implementing Cisco Cybersecurity Operations (SECOPS, legacy) — Question 8

What is accomplished in the identification phase of incident handling?

Answer options

• A. determining the responsible user
• B. identifying source and destination IP addresses
• C. defining the limits of your authority related to a security event
• D. determining that a security even has occurred

Correct answer: D

Explanation

The identification phase is crucial as it focuses on confirming whether a security incident has occurred, which is essential for subsequent response actions. The other options, while relevant to incident management, pertain to aspects that are addressed after the incident has been confirmed, such as determining responsibility or recognizing specific technical details.