Due diligence is the process of gathering and analyzing all relevant information before making a decision or taking action. In the context of security incidents, due diligence involves gathering and analyzing all available information about the incident, such as the nature of the threat, the extent of the damage or potential damage, and the possible impact on the organization's operations and assets. This information is then used to determine the appropriate course of action, such as containing and mitigating the threat, restoring systems and data, and identifying and addressing any underlying vulnerabilities.
The principle being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action is due diligence. Due diligence refers to the careful and thorough investigation and analysis of a particular situation or problem in order to make informed decisions or take appropriate action. In the context of security incidents, this may involve gathering and analyzing relevant data, studying the potential impact of the incident, and determining the most appropriate response based on the circumstances.
The correct answer is D. Due diligence.
Due diligence refers to the level of care and caution that is expected of individuals and organizations in order to protect themselves and others. In the context of security incidents, due diligence requires that analysts gather all relevant information about an incident in order to make informed decisions about the appropriate course of action. This involves carefully reviewing logs, network traffic, and other data sources to determine the scope and nature of the incident, and to identify any indicators of compromise.
A. decision making
When an analyst gathers information relevant to a security incident, their primary goal is to make informed decisions on how to proceed with the incident response. They need to assess the available data, understand the nature and severity of the incident, evaluate potential risks, and then decide on the appropriate course of action to contain, mitigate, and remediate the situation effectively.
"D. due diligence" is a broader concept that generally refers to the effort taken by a responsible party to avoid harm or potential risks to others. While due diligence is a critical part of the overall incident response process, the specific act of gathering information to determine the appropriate course of action more closely aligns with decision making (Option A) in this context.
Due diligence comes in before decision making; you first do and gather all information about an incident, then you start working on it to make your decisions.
Option A is the best answer because the principle being described is decision making. When an analyst gathers information relevant to a security incident, they are collecting data to help them make an informed decision on how to proceed. Rapid response is related to how quickly an organization can respond to a security incident once it has been detected, while data mining involves the process of discovering patterns in large datasets. Due diligence is a general term that refers to the effort that a reasonable person takes to avoid harm to others.
Page 29 on https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
The incident response team should work quickly to analyze and validate each incident, following a predefined process and documenting each step taken. When the team believes that an incident has occurred, the team should rapidly perform an initial analysis to determine the incident’s scope, such as which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring (e.g., what tools or attack methods are being used, what vulnerabilities are being exploited). The initial analysis should provide enough information for the team to prioritize subsequent activities, such as containment of the incident and deeper analysis of the effects of the incident.
"Decision-making" comes up in NIST 800-600r2 in the Containment section, as well as the term "appropriate strategy" similar to "appropriate course of action" as written in the question.
"Organizations should create separate containment strategies for each major incident type, with criteria documented clearly to facilitate ---decision-making----. Criteria for determining the appropriate strategy include...."