CompTIA Security+ (SY0-501) — Question 393
A Chief Information Security Officer (CISO) has instructed the information assurance staff to act upon a fast-spreading virus.
Which of the following steps in the incident response process should be taken NEXT?
Answer options
- A. Identification
- B. Eradication
- C. Escalation
- D. Containment
Correct answer: A
Explanation
The next logical step after being instructed to act on a fast-spreading virus is Identification, as it is crucial to determine the extent and impact of the incident before taking further actions. Eradication and Containment are subsequent steps that occur after the identification phase, and Escalation is typically initiated if the incident exceeds the team's capacity to handle it.