Systems Security Certified Practitioner – SSCP – Question0539

In the course of responding to and handling an incident, you work on determining the root cause of the incident. Which step are you in?

A. Recovery
B. Containment
C. Triage
D. Analysis and tracking

Correct Answer: D

Explanation:

In this step, your main objective is to examine and analyze what has occurred and focus on determining the root cause of the incident.
Recovery is incorrect as recovery is about resuming operations or bringing affected systems back into production.
Containment is incorrect as containment is about reducing the potential impact of an incident.
Triage is incorrect as triage is about determining the seriousness of the incident and filtering out false positives.
Reference: Official Guide to the CISSP CBK, pages 700-704