Question at position 19 When the attack is minor and unlikely to escalateWhen the root cause of the incident has been identified and requires extensive remediationWhen an organization has unlimited resourcesWhen there is a lack of skilled personnel to manage the incident

Question

BlackTom AI · Accepted Answer

Consider the scenario described by the question, which asks under which circumstance a long-term containment strategy would be preferable over a short-term one.
Option 1: 'When the attack is minor and unlikely to escalate' — This would typically be addressed with a faster, short-term containment or even immediate remediation, since the threat is deemed low risk and self-limiting. A long-term containment is unnecessary here because the incident is not expected to persist or cause ongoing disruption.
Option 2: 'When the root cause of the incident has been identified and requires extensive remediation' — This option describes a situation where the immediate containment is not sufficient to fully resolve the underlying problem. If the root cause is known but requires substantial fixes, a long-term containment strategy helps maintain security and operations while remediation is completed, preventing recurrence or lateral movement. This aligns with standard incident management practices that differentiate between short-term containment (stopping the bleeding) and long-term containment (keeping systems secure during heavy remediation).
Option 3: 'When an organization has unlimited resources' — Resource abundance does not by itself justify long-term containment. The choice between short-term and long-term containment should be driven by risk, complexity, and remediation needs, not merely by available resources. Unlimited resources could enable faster remediation but does not define the necessity for a long-term containment approach.
Option 4: 'When there is a lack of skilled personnel to manage the incident' — A lack of skilled personnel would complicate containment and remediation, but it does not inherently justify switching to a long-term containment strategy. In fact, it might necessitate a phased, simpler approach or escalation to external experts, rather than automatically favoring long-term containment as the general rule.
In summary, the most fitting reason to prefer long-term containment is when the root cause has been identified and requires extensive remediation, as this creates a sustained need to isolate and secure affected assets while complex fixes are implemented.

Question at position 19 When the attack is minor and unlikely to escalateWhen the root cause of the incident has been identified and requires extensive remediationWhen an organization has unlimited resourcesWhen there is a lack of skilled personnel to manage the incident

查看解析

登录即可查看完整答案

类似问题

During incident containment, which action is correct?

Question at position 17 NIST Special Publication 800-61r1 NIST Special Publication 800-61r2 NIST Special Publication (SP) 800-53NIST Special Publication 800-86

Question at position 8 By identifying the types of incidents that might occurBy establishing the budget for cybersecurity measuresBy mapping out potential escape routes for personnelBy pre-defining containment strategies for different types of incidents

Question at position 4 Creating well-defined procedures and checklistsFocusing solely on detection mechanismsPurchasing additional security softwareHiring more staff

Question at position 23 System configuration filesEmails from the target’s inboxFinancial data of the organizationUser account informationClear my selection

更多留学生实用工具

考试浏览器助手

风格化写作助手

论文查重助手

文献引用助手

课堂转译助手

课堂笔记助手

Quiz搜索助手

学校历年真题

智能刷题助手

智能匹配练习

希望你的学习变得更简单