Systems Security Certified Practitioner – SSCP – Question0559 - Systems Security Certified Practitioner

What is the PRIMARY goal of incident handling?

A. Successfully retrieve all evidence that can be used to prosecute
B. Improve the company's ability to be prepared for threats and disasters
C. Improve the company's disaster recovery plan
D. Contain and repair any damage caused by an event.

Correct Answer: D

Explanation:

This is the PRIMARY goal of an incident handling process.
The other answers are incorrect because :
Successfully retrieve all evidence that can be used to prosecute is more often used in identifying weaknesses than in prosecuting.
Improve the company’s ability to be prepared for threats and disasters is more appropriate for a disaster recovery plan.
Improve the company’s disaster recovery plan is also more appropriate for disaster recovery plan. Reference : Shon Harris AIO v3 , Chapter -10 : Law, Investigation, and Ethics , Page : 727-728