Certified Ethical Hacker (CEH v12) — Question 106

Attacker Lauren has gained the credentials of an organization’s internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited.
What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

Answer options

• A. Incident triage
• B. Preparation
• C. Incident recording and assignment
• D. Eradication

Correct answer: A

Explanation

The correct answer is A, Incident triage, as it involves assessing and categorizing an incident to understand its nature and impact. The other options do not fit: B, Preparation, refers to readiness before incidents occur; C, Incident recording and assignment, focuses on documenting and assigning incidents rather than analyzing them; D, Eradication, is about removing the threat after it has been identified.