CompTIA Security+ (SY0-501) — Question 618

Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?

Answer options

• A. Investigation
• B. Containment
• C. Recovery
• D. Lessons learned

Correct answer: B

Explanation

The correct answer is B, Containment, as it involves taking measures to limit the impact of an incident on critical systems while allowing business operations to persist. Investigation focuses on understanding the incident, Recovery is about restoring systems after an incident, and Lessons learned pertains to analyzing the incident after it has been resolved.