In incident handling, which phase should define rules and backup planning?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

In incident handling, which phase should define rules and backup planning?

Explanation:
Defining how you will respond before anything happens is the heart of preparation. In this phase you set up the incident response policy, assign roles and responsibilities, establish escalation paths, and lock in the rules that govern how the team will act during an incident. Importantly, you also plan for backup and recovery here—deciding on backup strategies, data protection requirements, recovery objectives (like RPO and RTO), and the procedures to restore operations. Having these plans in place beforehand ensures a consistent, swift, and organized reaction when an incident occurs.

The other phases focus on different actions. Detection is about recognizing that something is wrong and alerting the right people. Eradication aims to remove the threat from the environment. Recovery is about bringing systems back to normal operation after containment and cleanup, which may involve restoring data from backups. But the actual rules, playbooks, and backup planning should be established during preparation so they’re ready to be executed during an incident.
