Which of the following phases of the incident response process match the actions taken?

A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all.

The security operations center (SOC) analysts who receive these calls take the following actions:

– Running antivirus scans on the affected user machines

– Checking department membership of affected users

– Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts

– Checking network monitoring tools for anomalous activities

Which of the following phases of the incident response process match the actions taken?
A . Identification
B . Preparation
C . Recovery
D . Containment

View Answer

Answer: A