ServiceNow Certified Implementation Specialist – Security Incident Response — Question 46
What parts of the Security Incident Response lifecycle is responsible for limiting the impact of a security incident?
Answer options
- A. Post Incident Activity
- B. Detection & Analysis
- C. Preparation and Identification
- D. Containment, Eradication, and Recovery
Correct answer: D
Explanation
The correct answer is D, as Containment, Eradication, and Recovery are specifically designed to limit the damage caused by a security incident. Other phases such as Post Incident Activity, Detection & Analysis, and Preparation and Identification are important for different aspects of incident response but do not directly address limiting the impact during an ongoing incident.