Certified Incident Handler (ECIH v3) — Question 42

One of the main objectives of incident management is to prevent incidents and attacks by tightening the physical security of the system or infrastructure. According to CERT's incident management process, which stage focuses on implementing infrastructure improvements resulting from postmortem reviews or other process improvement mechanisms?

Answer options

• A. Protection
• B. Preparation
• C. Detection
• D. Triage

Correct answer: A

Explanation

The correct answer, Protection, is focused on implementing security measures to prevent future incidents based on insights gained from past reviews. Preparation involves readiness for incidents, Detection is about identifying incidents in real-time, and Triage pertains to prioritizing incidents for response, none of which specifically address postmortem-derived infrastructure improvements.