Certified Ethical Hacker (CEH v11) — Question 207

Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited.
What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

Answer options

• A. Incident triage
• B. Preparation
• C. Incident recording and assignment
• D. Eradication

Correct answer: A

Explanation

The correct answer is A, Incident triage, as this phase involves assessing and categorizing incidents to understand their scope and impact. The other options, such as Preparation, focus on readiness before incidents occur; Incident recording and assignment pertains to documenting incidents, and Eradication involves removing threats after they have been identified.