Certified Incident Handler (ECIH v3) — Question 29

The data on the affected system must be backed up so that it can be retrieved if it is damaged during incident response. The system backup can also be used for further investigations of the incident. Identify the stage of the incident response and handling process in which complete backup of the infected system is carried out?

Answer options

• A. Containment
• B. Eradication
• C. Incident recording
• D. Incident investigation

Correct answer: A

Explanation

The correct answer is A, Containment, as this stage involves isolating the affected system and securing it, which includes backing up data to prevent further loss. Eradication focuses on removing the threat, Incident recording involves documenting the incident, and Incident investigation is aimed at analyzing the event, none of which specifically address backing up the system.