What is the primary objective in the Containment and Intelligence Development phase?

Prepare for the SANS FOR508 Exam. Use flashcards and multiple-choice questions, each with hints and explanations. Maximize your readiness for the test!

Multiple Choice

What is the primary objective in the Containment and Intelligence Development phase?

Explanation:
This phase is about rapidly understanding how the attacker operates and using that knowledge to shape the containment plan. By quickly mapping how the adversary gained initial access, how they maintained persistence, how they moved laterally through the environment, and how they communicated with their command-and-control (C2) infrastructure, responders can design targeted containment actions that stop the spread and limit damage. The same analysis yields threat intelligence: the attacker's tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs). That intelligence drives the immediate containment decisions, feeds broader defensive improvements, and can be shared with other teams or organizations facing the same adversary.

Rebuilding systems, while important, comes after containment as part of the later eradication, remediation and recovery steps. Centralized logging is a critical capability for detection and forensics, but it is a supporting tool used across every phase rather than the objective of this one. Patch management reduces future risk and the chance of reinfection, which belongs to the later remediation steps rather than to this phase's primary focus on containment and intelligence development.
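To make the "map the adversary, then contain" idea concrete, here is an added example (not part of the original page or of the FOR508 course material). It takes a constructed set of Windows 4624-style logon records and DNS query records, walks the logon edges forward in time from the patient-zero host to scope lateral movement and the accounts abused, flags regular-interval DNS queries as candidate C2 beacons, and turns the result into a containment plan plus an IOC list. The hostnames, account names, domains and timestamps are all made up for illustration, and the beacon heuristic (coefficient of variation of inter-query gaps) is a deliberately simple stand-in for what a real C2 hunt would do.

```python
"""Scope an intrusion from constructed logon and DNS evidence and derive a containment plan.

Added example, not from the original page. All records below are constructed;
real inputs would come from parsed Windows Security logs (EID 4624) and DNS or
proxy logs.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed 4624 logons. type 2 = interactive, 3 = network, 10 = RDP.
LOGONS = [
    {"time": "2024-03-01T08:00:00", "src": "WS22", "dst": "FS01", "user": "a.smith", "type": 3},  # benign, pre-intrusion
    {"time": "2024-03-01T09:00:00", "src": "WS01", "dst": "WS01", "user": "j.doe", "type": 2},    # patient zero, phish landed
    {"time": "2024-03-01T09:20:00", "src": "WS01", "dst": "FS01", "user": "j.doe", "type": 3},
    {"time": "2024-03-01T09:45:00", "src": "FS01", "dst": "DC01", "user": "svc_backup", "type": 3},
    {"time": "2024-03-01T10:05:00", "src": "WS01", "dst": "WS07", "user": "svc_backup", "type": 10},
]

# Constructed DNS queries. DC01 beacons every 5 minutes; WS01 browses irregularly.
DNS = [
    {"time": "2024-03-01T09:50:00", "host": "DC01", "qname": "update-cdn.example.net"},
    {"time": "2024-03-01T09:55:00", "host": "DC01", "qname": "update-cdn.example.net"},
    {"time": "2024-03-01T10:00:00", "host": "DC01", "qname": "update-cdn.example.net"},
    {"time": "2024-03-01T10:05:00", "host": "DC01", "qname": "update-cdn.example.net"},
    {"time": "2024-03-01T10:10:00", "host": "DC01", "qname": "update-cdn.example.net"},
    {"time": "2024-03-01T09:01:00", "host": "WS01", "qname": "www.example.com"},
    {"time": "2024-03-01T09:17:00", "host": "WS01", "qname": "www.example.com"},
    {"time": "2024-03-01T09:52:00", "host": "WS01", "qname": "www.example.com"},
    {"time": "2024-03-01T10:30:00", "host": "WS01", "qname": "www.example.com"},
    {"time": "2024-03-01T09:30:00", "host": "FS01", "qname": "update-cdn.example.net"},  # too few to judge
]


def parse(ts):
    return datetime.fromisoformat(ts)


def map_lateral_movement(logons, patient_zero, first_seen):
    """Walk logon edges forward in time from patient zero.

    A host enters scope when a logon arrives from an already-compromised host
    at or after that source host's own compromise time. Because edges are
    processed in time order and a host's compromise time is the time of the
    edge that reached it, one pass is enough. Self-logons are ignored.
    Returns ({host: compromise_time}, {accounts used}, [(src, dst, user)]).
    """
    compromised = {patient_zero: parse(first_seen)}
    accounts, edges = set(), []
    for e in sorted(logons, key=lambda e: e["time"]):
        src, dst, t = e["src"], e["dst"], parse(e["time"])
        if src == dst or src not in compromised or t < compromised[src]:
            continue
        accounts.add(e["user"])
        edges.append((src, dst, e["user"]))
        compromised.setdefault(dst, t)
    return compromised, accounts, edges


def find_beacons(dns, min_queries=4, max_cv=0.2):
    """Flag (host, qname) pairs whose query gaps are near-constant.

    cv = stdev/mean of the inter-query gaps; low cv means a regular beacon.
    Pairs with fewer than min_queries records are not judged at all.
    """
    by_pair = defaultdict(list)
    for q in dns:
        by_pair[(q["host"], q["qname"])].append(parse(q["time"]))
    beacons = []
    for (host, qname), times in by_pair.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:
            beacons.append({"host": host, "qname": qname, "interval_s": round(avg), "cv": round(cv, 3)})
    return beacons


def containment_plan(compromised, accounts, beacons):
    """Turn the attacker map into containment actions and shareable IOCs."""
    domains = sorted({b["qname"] for b in beacons})
    return {
        "isolate_hosts": sorted(compromised),
        "disable_accounts": sorted(accounts),
        "block_domains": domains,
        "iocs": [("domain", d) for d in domains] + [("account", a) for a in sorted(accounts)],
    }


if __name__ == "__main__":
    hosts, users, edges = map_lateral_movement(LOGONS, "WS01", "2024-03-01T09:00:00")
    for src, dst, user in edges:
        print(f"{src} -> {dst} as {user}")
    print(containment_plan(hosts, users, find_beacons(DNS)))
```

The benign 08:00 logon from WS22 is left out of scope because WS22 was never reached from the patient-zero host, and FS01's three queries to the suspicious domain are not judged because the sample is too small; both are the kind of edge case that, if mishandled, produces a containment plan that either over-isolates or misses a foothold.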
