Certified Threat Intelligence Analyst (CTIA) — Question 67
An organization named Highlander, Inc. decided to integrate threat intelligence into its incident response process for rapid detection of and recovery from various security incidents.
In which of the following phases of incident response management does the organization use operational and tactical threat intelligence to provide context to the alerts generated by various security mechanisms?
Answer options
- A. Phase 2: event
- B. Phase 1: preplanning
- C. Phase 3: incident
- D. Phase 4: breach
Correct answer: A
Explanation
The correct answer is A, as the event phase is where alerts are analyzed and contextualized with threat intelligence to understand their significance. The preplanning phase (B) focuses on preparation and strategy, while the incident phase (C) deals with the response actions taken, and the breach phase (D) refers to the consequences of a successful attack, none of which specifically involves the contextualization of alerts.