Question
An organization's computer incident response team (CIRT) receives an alert that shows possible malicious activity on a critical server within the network, and they initiate the CompTIA incident response process. The team follows the incident response lifecycle to address the situation, which involves several key steps. What order must the CIRT follow when performing the CompTIA incident response process?

Answer options:
Detection, analysis, containment, eradication, recovery
Isolation, analysis, restoration, eradication, improvement
Preparation, analysis, isolation, containment, recovery
Detection, analysis, eradication, restoration, improvement
Solution
The correct order for the CompTIA incident response process is: Preparation, Detection, Analysis, Containment, Eradication, and Recovery. So none of the options provided are correct.
Similar Questions
The leader of the cybersecurity team for a major e-commerce company recently encountered a major data breach that led to the exposure of customer payment details. The team has now contained the breach and is moving toward the final phase of the incident response cycle. What is the team's primary objective in this phase?

Answer options:
Eradicate the cause of the incident
Analyze the incident and improve procedures or systems
Identify stakeholders and reporting requirements
Restore the affected system to a secure state

Question 3
In which incident response playbook phase would a security team document an incident to ensure that their organization is better prepared to handle future security events?
1 point
Coordination
Eradication and recovery
Containment
Post-incident activity

What is the first step in an incident response process?
1 point
A) Containment
B) Eradication
C) Recovery
D) Identification

Question 7
A security analyst wants to set the foundation for successful incident response. They outline roles and responsibilities of each security team member. What phase of an incident response playbook does this scenario describe?
1 point
Preparation
Containment
Detection and analysis
Post-incident activit
Can you outline a basic framework for incident response? What measures should organizations take when responding to a cyber security incident?