Question at position 19 When the attack is minor and unlikely to escalateWhen the root cause of the incident has been identified and requires extensive remediationWhen an organization has unlimited resourcesWhen there is a lack of skilled personnel to manage the incident

Question

BlackTom AI · Accepted Answer

Consider the scenario described by the question, which asks under which circumstance a long-term containment strategy would be preferable over a short-term one.
Option 1: 'When the attack is minor and unlikely to escalate' — This would typically be addressed with a faster, short-term containment or even immediate remediation, since the threat is deemed low risk and self-limiting. A long-term containment is unnecessary here because the incident is not expected to persist or cause ongoing disruption.
Option 2: 'When the root cause of the incident has been identified and requires extensive remediation' — This option describes a situation where the immediate containment is not sufficient to fully resolve the underlying problem. If the root cause is known but requires substantial fixes, a long-term containment strategy helps maintain security and operations while remediation is completed, preventing recurrence or lateral movement. This aligns with standard incident management practices that differentiate between short-term containment (stopping the bleeding) and long-term containment (keeping systems secure during heavy remediation).
Option 3: 'When an organization has unlimited resources' — Resource abundance does not by itself justify long-term containment. The choice between short-term and long-term containment should be driven by risk, complexity, and remediation needs, not merely by available resources. Unlimited resources could enable faster remediation but does not define the necessity for a long-term containment approach.
Option 4: 'When there is a lack of skilled personnel to manage the incident' — A lack of skilled personnel would complicate containment and remediation, but it does not inherently justify switching to a long-term containment strategy. In fact, it might necessitate a phased, simpler approach or escalation to external experts, rather than automatically favoring long-term containment as the general rule.
In summary, the most fitting reason to prefer long-term containment is when the root cause has been identified and requires extensive remediation, as this creates a sustained need to isolate and secure affected assets while complex fixes are implemented.

Question at position 19 When the attack is minor and unlikely to escalateWhen the root cause of the incident has been identified and requires extensive remediationWhen an organization has unlimited resourcesWhen there is a lack of skilled personnel to manage the incident

View Explanation

Log in for full answers

Similar Questions

During incident containment, which action is correct?

Question at position 17 NIST Special Publication 800-61r1 NIST Special Publication 800-61r2 NIST Special Publication (SP) 800-53NIST Special Publication 800-86

Question at position 8 By identifying the types of incidents that might occurBy establishing the budget for cybersecurity measuresBy mapping out potential escape routes for personnelBy pre-defining containment strategies for different types of incidents

Question at position 4 Creating well-defined procedures and checklistsFocusing solely on detection mechanismsPurchasing additional security softwareHiring more staff

Question at position 23 System configuration filesEmails from the target’s inboxFinancial data of the organizationUser account informationClear my selection

More Practical Tools for Students Powered by AI Study Helper

Homework AI Solver

Stylized AI Paper Writer

Plagiarism Checker Assistant

Citation AI Academic Writing Tool

In-Class Translation Assistant

AI Note Generator

AI Quiz Answers

Past Exam Questions from University Test Bank

Smart Practice Assistant

Adaptive Practice

Making Your Study Simpler