Certified SOC Analyst (CSA) — Question 68

Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?

Answer options

• A. Containment –> Incident Recording –> Incident Triage –> Preparation –> Recovery –> Eradication –> Post-Incident Activities
• B. Preparation –> Incident Recording –> Incident Triage –> Containment –> Eradication –> Recovery –> Post-Incident Activities
• C. Incident Triage –> Eradication –> Containment –> Incident Recording –> Preparation –> Recovery –> Post-Incident Activities
• D. Incident Recording –> Preparation –> Containment –> Incident Triage –> Recovery –> Eradication –> Post-Incident Activities

Correct answer: B

Explanation

The correct answer is B, as it follows the logical order of the IH&R process, starting with Preparation and leading through Incident Recording and Triage to Containment, Eradication, Recovery, and finally Post-Incident Activities. The other options misplace essential stages, causing an incorrect flow that would hinder effective incident management.