Certified Ethical Hacker (CEH v10) — Question 188

It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?

Answer options

• A. Discovery
• B. Recovery
• C. Containment
• D. Eradication

Correct answer: C

Explanation

The action of disconnecting the computer from the network and powering it down is part of the containment phase, as it aims to prevent further spread of the incident. Discovery involves identifying the incident, while recovery focuses on restoring systems after an incident. Eradication is about removing the cause of the incident, which comes after containment.