The incident response process is cyclical, but preparation is the foundational phase that occurs before any actual incident takes place.
During the preparation phase, organizations:
• Develop incident response plans and procedures
• Train staff on incident handling
• Set up the necessary tools and systems
• Create communication protocols
• Establish baseline network behavior
The full incident response lifecycle typically flows like this: Preparation → Detection → Analysis → Containment → Eradication → Recovery → Lessons Learned → (back to Preparation)
*****
Detection (D) can only occur when there's something to detect - it's the phase where you identify that an incident is occurring or has occurred.
Eradication (B) happens after you've detected and analyzed an incident, as it involves removing the threat from your environment.
Lessons Learned (A) is actually the final phase, where you review what happened during the incident and how to improve your response for next time.