SANS SEC504: Hacker Tools, Techniques and Incident Handling — Question 6

Which of the following are the primary goals of the incident handling team?
Each correct answer represents a complete solution. Choose all that apply.

Answer options

• A. Freeze the scene.
• B. Repair any damage caused by an incident.
• C. Prevent any further damage.
• D. Inform higher authorities.

Correct answer: A, B, C

Explanation

The correct answers A, B, and C focus on the immediate actions that need to be taken during an incident to ensure safety and mitigate damage. Freezing the scene is crucial to preserve evidence, repairing damage is necessary to restore functionality, and preventing further damage is vital to contain the situation. While informing higher authorities is important, it does not focus on the direct response to the incident itself.