What is incident containment and which strategies help achieve it?


Multiple Choice

What is incident containment and which strategies help achieve it?

Explanation:
Containment focuses on stopping the attacker from spreading and limiting the damage after a breach is detected. The best approach uses concrete actions that immediately curb the attacker’s reach: network segmentation to restrict movement between parts of the environment, isolating affected assets so compromised systems can’t communicate with others, and removing attacker footholds by eradicating backdoors, compromised credentials, and malware. These steps reduce the blast radius and create a safer window to perform thorough eradication and recovery.

The other options are not suitable: eliminating all risk right away isn’t realistic during an active incident, waiting for the attacker to leave is passive and allows further harm, and simply logging events without taking action does nothing to stop ongoing activity, so it is not containment.
