CompTIA Security+ (SY0-501) — Question 532
After discovering a security incident and removing the affected files, an administrator disabled an unneeded service that led to the breach. Which of the following steps in the incident response process has the administrator just completed?
Answer options
- A. Containment
- B. Eradication
- C. Recovery
- D. Identification
Correct answer: B
Explanation
The correct answer is B, Eradication, because the administrator has removed the root cause of the security incident by disabling the service that led to the breach. Options A (Containment), C (Recovery), and D (Identification) do not apply here because they are different stages of the incident response process: limiting the impact, restoring systems, and determining the nature of the incident, respectively.