Which set of core phases is described in the NIST incident response lifecycle?

Multiple Choice

Which set of core phases is described in the NIST incident response lifecycle?

Explanation:
NIST Special Publication 800-61 Rev. 2 (Computer Security Incident Handling Guide) describes the incident response lifecycle as four phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Incident Activity. Containment, eradication, and recovery are grouped into a single phase because in practice they overlap and repeat, and "Lessons Learned" is NIST's term for the main activity of Post-Incident Activity rather than a separate phase. A six-step listing (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned) is the SANS PICERL model; it covers the same ground but is not NIST's phrasing, and the two are often confused on exams.

Preparation builds the foundation: defining roles, establishing communication plans, assembling tools and jump kits, and training the team so action can be taken quickly when an alert arrives. Detection and Analysis is where alerts are triaged, the incident is scoped, and its impact is assessed to prioritize the response; documenting the incident and notifying the right parties also happen here. Containment stops the spread, using a strategy that limits damage while keeping systems available where possible and preserving evidence for later analysis; eradication removes the root cause, fixes exploited vulnerabilities, and cleans affected environments; recovery restores normal operations, validates that systems are clean, and monitors for recurrence. Post-Incident Activity is the lessons-learned review that feeds back into improved detection, remediation steps, evidence retention, and updated policies, playbooks, and defenses. The lifecycle is iterative rather than strictly linear: analysis during containment can uncover additional affected systems and send the team back to Detection and Analysis, and lessons learned flow back into Preparation. (SP 800-61 Rev. 3, published in 2025, recasts the same activities under the CSF 2.0 functions, but the four-phase lifecycle is still the commonly tested answer.)

The other options describe aims outside this lifecycle, such as trying to prevent every incident, focusing only on collecting evidence, or emphasizing governance tasks, so they do not capture the full, actionable sequence defined by NIST.
