An employee's device was missing for 96 hours before being reported. The employee called the help desk to ask for another device. Which of the following phases of the incident response cycle needs improvement?
B. Preparation
The "Preparation" phase typically encompasses developing and maintaining incident response policies, procedures, and protocols, training staff to recognize and report incidents, and ensuring that resources are in place to effectively respond to incidents
I agree. Part of the Preparation phase of IR is providing training and awareness to staff.
The employee asking for a new device makes it seem like they're unaware of the risks of a lost/stolen device and not as worried as they should be. All of this most likely due to the lack of training/awareness
o Preparation: The long delay in reporting the missing device indicates a lack of awareness or preparedness within the organization regarding security procedures. If the employee had been informed about the proper reporting timeframes for missing devices, the incident could have been detected and contained much earlier. This points to a failure in the preparation phase, which involves establishing policies, procedures, and training related to incident response, including device security and reporting guidelines.
o A. Containment: Containment focuses on limiting the spread of an incident. While the delayed reporting certainly impacted the ability to contain the potential damage, the issue itself is rooted in the lack of preparation, not the containment efforts (assuming containment actions were taken once the incident was reported).
There's no indication as to whether or not the company was prepared, but with an appropriate containment strategy the device would have flagged itself as offline or been noticed missing before the employee reported it. The fact that no one knew the device was missing until the employee asked for a new one shows that lost/stolen devices do not have an appropriate containment strategy.
It's B - the company was not PREPARED for this incident, and therefore, the missing device hasn't been reported to anymore to take action. Containment would mean the period of time from the moment the incident had been reported until the time of first action or mitigation in the incident response plan. Since the question implies that there hasn't been any plan for such an incident, the failure was definitely somewhere in the preparation stage.
A. Containment
In this case, the employee's device was missing for 96 hours before being reported. A missing device can potentially pose security risks if it contains sensitive data or access to the organization's network. The containment phase should involve taking swift action to minimize the potential impact of the incident. In this situation, the delay in reporting the missing device indicates a gap in the containment phase. Improvements are needed to ensure that incidents are reported promptly, and appropriate measures are taken to secure the missing device and assess the potential risks.
ChatGPT says:
A. Containment
In an incident response cycle, the containment phase involves taking actions to prevent the incident from further spreading or causing additional damage. In this case, the employee's device was missing for 96 hours before being reported, which suggests a delay in taking action to contain the situation. A missing device could potentially pose a security risk, and immediate action should have been taken to mitigate that risk by, for example, remotely locking or wiping the device if necessary.
ChatGPT 3.5 now says B...
Preparation (B): The preparation phase of the incident response cycle involves activities such as planning, training, and putting in place the necessary resources and procedures to effectively respond to incidents. In this case, the fact that an employee's device was missing for 96 hours before being reported suggests a lapse in the preparation phase. There should be clear policies and procedures in place to ensure timely reporting of lost or missing devices, as delays can increase the risk of security incidents.
Options A, C, and D are not the primary phases needing improvement based on the information provided
This section is not available anymore. Please use the main Exam Page.CAS-004 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
417f743
Highly Voted 9 months ago32d799a
Highly Voted 1 year agotalosDevbot
9 months, 3 weeks agoSteel16
Most Recent 2 months, 1 week agoTrap_D0_r
10 months, 1 week agoPotato42
10 months, 3 weeks agoOdinAtlasSteel
1 year agozielony4242
1 year agoCraZee
9 months, 2 weeks agoJackZ
1 year, 1 month agoAlizadeh
1 year, 2 months ago