Bird
0
0

An organization detects a malware attack and follows its incident response plan. Which immediate action is expected during the containment phase?

medium📝 Analysis Q4 of 15
Cybersecurity - Incident Response
An organization detects a malware attack and follows its incident response plan. Which immediate action is expected during the containment phase?
AIsolate affected systems to prevent spread
BRestore data from backups
CConduct a full security audit
DNotify customers about the breach
Step-by-Step Solution
Solution:

  1. Step 1: Understand containment phase purpose

    Containment aims to stop the incident from spreading further.

  2. Step 2: Evaluate each option

    Isolating affected systems fits containment. Restoring data is recovery, audits and notifications come later.

  3. Final Answer:

    Isolate affected systems to prevent spread -> Option A

  4. Quick Check:

    Containment action = Isolate systems [OK]
Quick Trick: Containment stops spread, recovery restores data [OK]
Common Mistakes:
MISTAKES
  • Confusing containment with recovery
  • Not isolating infected systems quickly
  • Skipping containment and moving to notifications

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Cybersecurity Quizzes
Advanced Threat Protection - Threat hunting techniques - Quiz 10hard Digital Forensics - Memory forensics basics - Quiz 1easy Digital Forensics - Network forensics - Quiz 4medium Emerging Security Topics - Why security evolves with technology - Quiz 7medium Incident Response - Detection and analysis phase - Quiz 11easy Incident Response - Detection and analysis phase - Quiz 6medium Incident Response - Incident response lifecycle - Quiz 4medium Incident Response - Incident documentation - Quiz 14medium Incident Response - Detection and analysis phase - Quiz 9hard Security Architecture and Design - Why secure design prevents vulnerabilities - Quiz 11easy