Certified Chief Information Security Officer (CCISO) — Question 138
Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus.
Which of the following phases in the incident handling process will utilize the signature to resolve this incident?
Answer options
- A. Eradication
- B. Containment
- C. Recovery
- D. Identification
Correct answer: A
Explanation
The correct answer is A, Eradication, because this phase involves removing the threat from the system using the signature created. Of the other options, Containment focuses on limiting the spread of the incident, Recovery deals with restoring systems to normal operation, and Identification is about recognizing the incident in the first place.