SANS SEC504: Hacker Tools, Techniques and Incident Handling — Question 15

Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?

Answer options

• A. Preparation phase
• B. Eradication phase
• C. Identification phase
• D. Recovery phase
• E. Containment phase

Correct answer: A

Explanation

The Preparation phase is critical as it involves setting up protocols, ensuring team collaboration, and formulating backup plans alongside their testing. The other phases, such as Eradication, Identification, Recovery, and Containment, focus on responding to and managing incidents rather than setting up preventative measures.