Certified Ethical Hacker (CEH v13) — Question 115
Attacker Lauren has gained the credentials of an organization’s internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?
Answer options
- A. Incident triage
- B. Preparation
- C. Incident recording and assignment
- D. Eradication
Correct answer: A
Explanation
The correct answer is A, Incident triage, as this phase involves assessing and determining the details of the incident, including its severity and impact. The other options do not pertain to the initial analysis of the incident; Preparation refers to planning before an incident occurs, Incident recording and assignment involves documenting the incident and assigning it for resolution, and Eradication focuses on removing the threat from the environment.