New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCIH Exam - Topic 1 Question 1 Discussion

Actual exam question for GIAC's GCIH exam
Question #: 1
Topic #: 1
[All GCIH Questions]

You work as a Senior Marketing Manger for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and also you were not able to access your remote desktop session. You suspected that some malicious attack was performed on the network of the company. You immediately called the incident response team to handle the situation who enquired the Network Administrator to acquire all relevant information regarding the malfunctioning. The Network Administrator informed the incident response team that he was reviewing the security of the network which caused all these problems. Incident response team announced that this was a controlled event

not an incident.

Which of the following steps of an incident handling process was performed by the incident response team?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Thaddeus at May 05, 2022, 08:10 PM

Limited Time Offer

25%

Off

Get Premium GCIH Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Lizette
4 months ago
Nah, it’s definitely Identification. They needed to confirm the issue first.
upvoted 0 times
...
Jacqueline
4 months ago
I think it’s more about Preparation since they were reviewing security.
upvoted 0 times
...
Vallie
4 months ago
Wait, how can it be a controlled event? That’s weird.
upvoted 0 times
...
Nickolas
4 months ago
Totally agree, they were figuring out what was going on.
upvoted 0 times
...
Sherell
5 months ago
Sounds like they were in the Identification phase.
upvoted 0 times
...
Lynelle
5 months ago
I thought the Identification step was about recognizing an incident, but if they announced it was controlled, maybe they were just confirming it wasn’t a serious issue?
upvoted 0 times
...
Cory
5 months ago
This reminds me of a practice question where we had to identify steps in incident response. I feel like they might have been preparing for a potential incident rather than actually containing one.
upvoted 0 times
...
Kimbery
5 months ago
I'm not entirely sure, but I remember something about containment being about stopping the spread of an incident. This seems more like they were just assessing the situation.
upvoted 0 times
...
Annice
5 months ago
I think the incident response team was in the Identification phase since they were trying to determine if it was a real incident or just a controlled event.
upvoted 0 times
...
Leana
5 months ago
Hmm, I'm a bit confused. Should we really be minimizing the technical stakeholders' input this early on? That doesn't seem like the right approach to me.
upvoted 0 times
...
Denae
5 months ago
I'm a bit confused by the wording of the question. I'll need to re-read the description a few times to make sure I understand it fully before answering.
upvoted 0 times
...
Reiko
5 months ago
I'm a bit confused by the different control flag options. I'll need to make sure I understand the differences between them before I can confidently select the right one.
upvoted 0 times
...
Glory
5 months ago
I'm not entirely sure, but I feel like the efficient frontier might relate to taxation somehow. There was a question similar to this in our last practice exam.
upvoted 0 times
...

Save Cancel