Which of the following BEST describes this phase of the incident response process?

Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened.

The network and security teams perform the following actions:

– Shut down all network shares.

– Run an email search identifying all employees who received the malicious message.

– Reimage all devices belonging to users who opened the attachment.

Next, the teams want to re-enable the network shares.

Which of the following BEST describes this phase of the incident response process?
A . Eradication
B . Containment
C . Recovery
D . Lessons learned

View Answer

Answer: C