SANS SEC504: Hacker Tools, Techniques and Incident Handling — Question 28

You work as an Incident handling manager for a company. The public relations process of the company includes an event that responds to the e-mails queries.
But since few days, it is identified that this process is providing a way to spammers to perform different types of e-mail attacks. Which of the following phases of the Incident handling process will now be involved in resolving this process and find a solution? Each correct answer represents a part of the solution. Choose all that apply.

Answer options

• A. Eradication
• B. Contamination
• C. Preparation
• D. Recovery
• E. Identification

Correct answer: A, B, D

Explanation

The correct phases are Eradication, Contamination, and Recovery. Eradication is necessary to eliminate the threats posed by spam, Contamination addresses the impact of the attacks, and Recovery helps restore services after the incident. Preparation and Identification are important but not directly involved in resolving the immediate issues caused by the spam attacks.