CompTIA Security+ (SY0-501) — Question 724
A company recently experienced a security incident in which its domain controllers were the target of a DoS attack. In which of the following steps should technicians connect domain controllers to the network and begin authenticating users again?
Answer options
- A. Preparation
- B. Identification
- C. Containment
- D. Eradication
- E. Recovery
- F. Lessons learned
Correct answer: E
Explanation
The correct answer is E, Recovery, as this step involves restoring systems and services to normal operations after a security incident. The other options represent earlier or different phases of incident response where connectivity and user authentication would not yet be appropriate.