Certified Threat Intelligence Analyst (CTIA) — Question 61

During network monitoring, an unusual surge in outbound traffic was noticed, and a potential security incident was suspected. In the context of incident response, what is the initial stage at which you actively recognize and confirm the presence of an incident?

Answer options

Correct answer: D

Explanation

The correct answer is D. Identification is the initial phase, in which the presence of a security incident is recognized and confirmed. The other options represent subsequent stages in the incident response process: Eradication, which involves removing the threat; Containment, which aims to limit the damage; and Recovery, which focuses on restoring systems to normal operation.