CISSP – Information Systems Security Architecture Professional (ISSAP) — Question 35

You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify Denial of
Service attack (DOS) from a network linked to your internal enterprise network. Which of the following phases of the Incident handling process should you follow next to handle this incident?

Answer options

• A. Containment
• B. Preparation
• C. Recovery
• D. Identification

Correct answer: A

Explanation

The correct next step is 'Containment' to limit the impact of the Denial of Service attack on the network. 'Preparation' is about readiness for incidents, 'Recovery' focuses on restoring operations after an incident, and 'Identification' is the phase where incidents are recognized, which has already been completed.