GIAC GSLC Exam - Topic 3 Question 79 Discussion

Actual exam question for GIAC's GSLC exam

Question #: 79
Topic #: 3

You work as an Incident handler in Mariotrixt.Inc. You have followed the Incident handling process to handle the events and incidents. You identify Denial of Service attack (DOS) from a network linked to your internal enterprise network. Which of the following phases of the Incident handling process should you follow next to handle this incident?

ARecovery

BContainment

CPreparation

DIdentification

Show Suggested Answer

Suggested Answer: B

by Staci at Jan 05, 2026, 05:16 AM

Limited Time Offer

25%

Off

Get Premium GSLC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Denna

19 days ago

Recovery comes later. First, we must contain the threat. B is definitely the right choice.

upvoted 0 times

...

Lore

25 days ago

But what about A) Recovery? We need to think about restoring services too.

upvoted 0 times

...

Zack

30 days ago

Agreed! Containment is key to prevent further damage.

upvoted 0 times

...

Dion

1 month ago

I think we should go with B) Containment. It's crucial to stop the attack first.

upvoted 0 times

...

Eliz

1 month ago

Wait, are we sure it's a DOS attack? Could be something else!

upvoted 0 times

...

Monroe

2 months ago

Yeah, B) Containment is crucial to stop the attack!

upvoted 0 times

...

Sherill

2 months ago

B) Containment makes sense, but isn't it risky?

upvoted 0 times

...

Johnson

2 months ago

I thought we would go for A) Recovery first?

upvoted 0 times

...

Glynda

2 months ago

Definitely B) Containment is the way to go!

upvoted 0 times

...

Alesia

2 months ago

B) Containment, definitely. Unless you want to be the one explaining to the boss why the whole network is down, that is.

upvoted 0 times

...

Fairy

2 months ago

B) Containment, for sure. Gotta nip that DoS in the bud before it turns into a full-blown disaster.

upvoted 0 times

...

Karl

3 months ago

B) Containment, no doubt. Wouldn't want to be the one who let a DoS attack run rampant, that's a career-ending move!

upvoted 0 times

...

Adelina

3 months ago

I'm going with B) Containment too. Can't let that DoS attack run wild, gotta contain it ASAP.

upvoted 0 times

...

Jame

3 months ago

I agree, B) Containment is the way to go. Gotta put out that fire before it burns down the whole house!

upvoted 0 times

...

Ailene

4 months ago

Definitely B) Containment. You need to stop the attack from spreading and causing further damage.

upvoted 0 times

...

Tawna

4 months ago

I thought preparation was more about preventing incidents rather than responding to them. So, it must be containment next, right?

upvoted 0 times

...

Nan

4 months ago

I practiced a similar question where containment was the right answer for a network attack. I feel like that applies here too.

upvoted 0 times

...

Stephane

4 months ago

I'm not entirely sure, but I remember something about recovery being important after an incident. Maybe that's the next step?

upvoted 0 times

...

Jacqueline

4 months ago

I think we should focus on containment first since it's a DoS attack and we need to stop it from affecting more systems.

upvoted 0 times

...

Melita

4 months ago

I agree with the Containment approach. Once we've contained the incident, we can move on to the Recovery phase.

upvoted 0 times

...

Avery

5 months ago

Definitely Containment. We need to isolate the affected systems and block the attack traffic as soon as possible.

upvoted 0 times

...

Roxane

5 months ago

Okay, let's think this through. We need to stop the attack first, so I'm pretty sure Containment is the way to go.

upvoted 0 times

...

Malika

5 months ago

Hmm, I'm a bit unsure here. Is Containment really the right phase, or should we be looking at Recovery instead?

upvoted 0 times

...

Jacinta

5 months ago

I think the next step would be Containment to stop the attack and prevent further damage.

upvoted 0 times

...