During which phase of incident response would an analyst review the data below?
The data depicted in the image is a network traffic capture, showing multiple SYN packets, which suggests that an analyst is analyzing this traffic to identify potential incidents or malicious activities, such as a SYN flood attack. The phase of incident response where analysts review logs and network traffic to identify and confirm the presence of an incident is known as Detection. During the Detection phase, the primary goal is to detect and validate potential security incidents.
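The kind of review described above, written out as an added example that is not part of the original question or thread: a small Python detector that parses constructed tcpdump-style summary lines and flags any source whose SYNs are never followed by a completed handshake, the half-open pattern characteristic of a SYN flood. The line format, sample addresses and the threshold of 5 are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style summary lines (not a real capture): one host sends
# bare SYNs from many ports with no handshake completing; the last three lines
# show a normal client whose three-way handshake does complete.
SAMPLE_LINES = """\
10:00:00.001 IP 198.51.100.7.40001 > 203.0.113.5.80: Flags [S]
10:00:00.002 IP 198.51.100.7.40002 > 203.0.113.5.80: Flags [S]
10:00:00.003 IP 198.51.100.7.40003 > 203.0.113.5.80: Flags [S]
10:00:00.004 IP 198.51.100.7.40004 > 203.0.113.5.80: Flags [S]
10:00:00.005 IP 198.51.100.7.40005 > 203.0.113.5.80: Flags [S]
10:00:00.006 IP 198.51.100.7.40006 > 203.0.113.5.80: Flags [S]
10:00:00.100 IP 192.0.2.9.51000 > 203.0.113.5.80: Flags [S]
10:00:00.101 IP 203.0.113.5.80 > 192.0.2.9.51000: Flags [S.]
10:00:00.102 IP 192.0.2.9.51000 > 203.0.113.5.80: Flags [.]
"""

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

def parse_lines(text):
    """Yield (src_ip, src_port, dst_ip, dst_port, flags) for each summary line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]

def find_syn_flood_sources(text, threshold=5):
    """Return {src_ip: half_open_count} for sources with >= threshold bare SYNs
    whose handshake never completed (no final ACK from that source on the tuple)."""
    bare_syns = defaultdict(set)   # src -> {(sport, dst, dport)} seen with Flags [S]
    completed = set()              # (src, sport, dst, dport) seen with Flags [.]
    for src, sport, dst, dport, flags in parse_lines(text):
        if flags == "S":
            bare_syns[src].add((sport, dst, dport))
        elif flags == ".":
            completed.add((src, sport, dst, dport))
    suspects = {}
    for src, conns in bare_syns.items():
        half_open = [c for c in conns if (src,) + c not in completed]
        if len(half_open) >= threshold:
            suspects[src] = len(half_open)
    return suspects
```

On the constructed sample, only 198.51.100.7 is reported (six half-open connections); the client 192.0.2.9 completes its handshake and is not flagged.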
Correct answer is "C" Identification/Detection, based upon the PICERL model.
Impossible is preparation; it does look like a SYN flood attempt. Based on PICERL this should be identification, which is to analyse logs, but none of the options above has identification. I would skip this question, but if it really comes out in the exam, I would choose detection.