Incident Response Procedures
CompTIA Security+ SY0-701 (V7) PBQ
Match incident response phases with appropriate actions and procedures. This helps students understand what steps should be taken during each phase of the incident response lifecycle according to best practices.
Some options will have multiple correct answers.
Conduct post-incident review and root cause analysis
Apply short-term fixes or network segmentation
Establish and train response team roles and responsibilities
Analyze logs and alerts to detect anomalies
Disable compromised user accounts and credentials
Validate and categorize security incidents
Remove malware and malicious artifacts
Monitor systems and validate normal operations
Restore systems and data from clean backups
Develop incident response plan
Isolate affected systems to prevent spread
Update incident response plan and security controls
Identification
Recovery
Lessons Learned
Eradication
Containment
Preparation