GIAC Certified Incident Handler (GCIH) — Question 209
Adam works as an Incident Handler for Umbrella Inc. He has been sent to the California unit to train the members of the incident response team. As a demo project, he asked members of the incident response team to perform the following actions:
- Remove the network cable wires.
- Isolate the system on a separate VLAN.
- Use a firewall or access lists to prevent communication into or out of the system.
- Change DNS entries to direct traffic away from the compromised system.
Which of the following steps of the incident handling process includes the above actions?
Answer options
- A. Identification
- B. Containment
- C. Eradication
- D. Recovery
Correct answer: B
Explanation
The correct answer is B, Containment, because the actions taken aim to limit the impact of a security incident by isolating the affected system and preventing further communication. The other options do not fit: Identification refers to recognizing the incident, Eradication involves removing the threat, and Recovery is about restoring systems to normal operation.