ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
An organization has completed root-cause analysis and malware removal on several compromised application servers. As it prepares to return the systems to normal operation, management asks how the incident response team will verify that no residual malicious activity remains. Which action best demonstrates effective continuous monitoring during the recovery phase of the incident response lifecycle?
Deploy host and network sensors that feed real-time security event data to the SIEM and tune alerts for indicators of reinfection on the recovered servers.
Implement weekly full offline backups of the restored servers to safeguard data integrity.
Perform a company-wide wipe and reimage of all systems that were not directly impacted by the incident.
Conduct a lessons-learned workshop with stakeholders to update the incident response policy and procedures.
During the recovery phase, continuous monitoring focuses on collecting and analyzing security telemetry from restored systems to ensure they remain free of compromise and operate normally before being fully released to production. Deploying host- and network-based sensors that stream real-time logs and alerts to a central monitoring platform allows the team to detect any residual malicious behavior or attempted reinfection quickly and take corrective action. Scheduling backups, wiping unaffected systems, or updating policies and lessons-learned documents are valuable tasks in other phases (preparation, eradication, or post-incident) but do not constitute the ongoing, near-real-time observation required for continuous monitoring in recovery.
ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery