Which action is part of the containment phase of the incident response lifecycle?
Which action is part of the containment phase of the incident response lifecycle?
Making considerations for data loss versus service availability is part of the containment phase in incident response. This phase involves isolating the affected systems to prevent further damage, thus, balancing the need to preserve data and maintain service availability during and after an incident.
Answer is C: CSA guidance 9.1.1 Containment, Eradication and Recovery • Containment: Taking systems offline. Considerations for data loss versus service availability. Ensuring systems don’t destroy themselves upon detection
pg102, Considerations for data loss versus service availability. Ensuring systems don’t destroy themselves upon detection.