EC-Council Exam 212-89 Topic 5 Question 81 Discussion

Actual exam question for EC-Council's 212-89 exam
Question #: 81
Topic #: 5

[Introduction to Incident Handling and Response]

Alice is an incident handler, and she has been informed by her lead that the data on affected systems must be backed up so that it can be retrieved if it is damaged during the incident response process. She was also told that the system backup can be used for further investigation of the incident. In which of the following stages of the incident handling and response (IH&R) process does Alice need to do a complete backup of the infected system?

Suggested Answer: A

In the incident handling and response (IH&R) process, backing up the data on affected systems is a critical step that usually falls under the Containment phase. The Containment phase is crucial for limiting the scope and severity of an incident, ensuring that it does not spread further or affect additional systems. Backing up affected systems during containment is essential for several reasons: it preserves a snapshot of the system in its current state for forensic analysis, ensures that data is not lost if the system needs to be wiped or altered during the response process, and helps in the recovery process if data is corrupted or lost.

By performing a complete backup of the infected system during the Containment phase, Alice ensures that there is a reliable copy of all data and system states before any major actions, such as eradication or deeper forensic analysis, are taken. This step is also preparatory for the potential use of the backup in analyzing how the incident occurred and in restoring system functionality after the incident is resolved.


Contribute your Thoughts:

Dierdre
2 days ago
C. Incident triage. Alice needs to assess the situation first before doing anything drastic like a full system backup. Gotta triage that incident, yo!
upvoted 0 times
...
Breana
3 days ago
I'm going with B. Incident recording. You want to document everything, including a full system backup, for your records and future investigation.
upvoted 0 times
...
Margot
6 days ago
I think Alice needs to do a complete backup during the Containment stage.
upvoted 0 times
...
Ronald
6 days ago
Definitely D. Eradication. You need to back up the system before you start removing the malware or affected files. Anything else would just be risky.
upvoted 0 times
...