
Eccouncil 212-89 Exam - Topic 5 Question 81 Discussion

Actual exam question for Eccouncil's 212-89 exam
Question #: 81
Topic #: 5

[Introduction to Incident Handling and Response]

Alice is an incident handler and she has been informed by her lead that the data on affected systems must be backed up so that it can be retrieved if it is damaged during the incident response process. She was also told that the system backup can also be used for further investigation of the incident. In which of the following stages of the incident handling and response (IH&R) process does Alice need to do a complete backup of the infected system?

Suggested Answer: A

In the incident handling and response (IH&R) process, backing up the data on affected systems is a critical step that usually falls under the Containment phase. The Containment phase is crucial for limiting the scope and severity of an incident, ensuring that it does not spread further or affect additional systems. Backing up affected systems during containment is essential for several reasons: it preserves a snapshot of the system in its current state for forensic analysis, ensures that data is not lost if the system needs to be wiped or altered during the response process, and helps in the recovery process if data is corrupted or lost.

By performing a complete backup of the infected system during the Containment phase, Alice ensures that there is a reliable copy of all data and system states before any major actions, such as eradication or deeper forensic analysis, are taken. This step is also preparatory for the potential use of the backup in analyzing how the incident occurred and in restoring system functionality after the incident is resolved.


Contribute your Thoughts:

Maile
3 months ago
I thought backups were done during eradication?
upvoted 0 times
...
Bettina
3 months ago
Totally agree, containment is key!
upvoted 0 times
...
Rolf
4 months ago
Surprised this isn't common knowledge!
upvoted 0 times
...
Stefany
4 months ago
Not sure if containment is the right stage for that.
upvoted 0 times
...
Olene
4 months ago
Backup should happen during containment.
upvoted 0 times
...
Argelia
4 months ago
I’m leaning towards containment too, but I wonder if incident triage could also involve securing data? It’s a bit confusing.
upvoted 0 times
...
Lacresha
4 months ago
I practiced a similar question, and I feel like the eradication stage is more about removing threats, not backing up. So maybe it's not that one.
upvoted 0 times
...
Belen
5 months ago
I'm not entirely sure, but I remember something about incident recording being important for documentation. Could it be that stage?
upvoted 0 times
...
Helene
5 months ago
I think the backup should happen during the containment phase, right? It makes sense to secure the data before doing anything else.
upvoted 0 times
...
Martina
5 months ago
This is a tricky one. I'm not entirely confident, but I think the backup would need to be done during the containment or eradication stage, since those are focused on preserving evidence and preventing further damage.
upvoted 0 times
...
Jolene
5 months ago
Okay, I've got a strategy for this. The question is asking about when the backup should be done, so I need to consider the different stages of the incident handling process and which one would require a full system backup.
upvoted 0 times
...
Carmelina
5 months ago
Hmm, I'm a bit unsure about this one. The question mentions backing up data, but I'm not sure which stage that would fall under. I'll have to think this through carefully.
upvoted 0 times
...
Amira
5 months ago
This seems like a straightforward question about the incident handling process. I think the key is to identify the stage where data backup is most critical.
upvoted 0 times
...
Hassie
8 months ago
I'm just gonna guess... D. Eradication. Backing up the system makes sense before you start removing the infection. Wouldn't want to lose any evidence, right?
upvoted 0 times
Margery
6 months ago
Bob: Definitely, we don't want to lose any evidence during the incident response process.
upvoted 0 times
...
Jeffrey
6 months ago
Alice: I think you're right, we need to back up the system before we start removing the infection.
upvoted 0 times
...
Valentin
7 months ago
Alice: Exactly. It's important to have a backup in case anything goes wrong during the incident response process.
upvoted 0 times
...
Ceola
7 months ago
Bob: That's correct. Backing up the data before removing the infection is crucial for preserving evidence.
upvoted 0 times
...
Ernestine
7 months ago
Alice: I think I need to do a complete backup of the infected system during the eradication stage.
upvoted 0 times
...
...
Rochell
9 months ago
Yes, that's correct. Backing up the data during the Containment stage is crucial for ensuring we have a copy of the affected system before taking any further actions.
upvoted 0 times
...
Chuck
9 months ago
Hold up, who named this person 'Alice'? Sounds like a children's book character, not a real incident handler. Anyway, I'd say D. Eradication is the way to go.
upvoted 0 times
Quentin
8 months ago
Yes, backing up the data during the Eradication stage is crucial for further investigation and to ensure data integrity.
upvoted 0 times
...
Margo
8 months ago
I agree, D) Eradication is the stage where a complete backup of the infected system should be done.
upvoted 0 times
...
...
Lashandra
9 months ago
I agree with Margot, because during Containment, the focus is on preventing further damage and preserving evidence.
upvoted 0 times
...
Dierdre
9 months ago
C. Incident triage. Alice needs to assess the situation first before doing anything drastic like a full system backup. Gotta triage that incident, yo!
upvoted 0 times
...
Breana
9 months ago
I'm going with B. Incident recording. You want to document everything, including a full system backup, for your records and future investigation.
upvoted 0 times
Madelyn
8 months ago
Alice: Exactly, it's crucial for the incident handling process.
upvoted 0 times
...
Timmy
8 months ago
Charlie: So, the backup is done during incident recording to preserve the data.
upvoted 0 times
...
Van
8 months ago
Bob: Yeah, that's right. It's important to document everything for future investigation.
upvoted 0 times
...
Rocco
9 months ago
Alice: I think I need to do a complete backup during incident recording.
upvoted 0 times
...
...
Margot
9 months ago
I think Alice needs to do a complete backup during the Containment stage.
upvoted 0 times
...
Ronald
9 months ago
Definitely D. Eradication. You need to back up the system before you start removing the malware or affected files. Anything else would just be risky.
upvoted 0 times
Clement
8 months ago
Alice: Let's make sure to do the backup during the Eradication stage of the incident handling process.
upvoted 0 times
...
Harrison
8 months ago
Bob: Yes, it's important to have a complete backup to ensure we can retrieve any damaged data.
upvoted 0 times
...
Annett
9 months ago
Alice: I agree, we should back up the system before we start removing the malware.
upvoted 0 times
...
...
