Which option best describes what incident reporting should include?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the EC-Council Certified Security Specialist Exam with our comprehensive quiz. Enhance your understanding through flashcards and multiple-choice questions complete with hints and explanations. Boost your exam confidence today!

Multiple Choice

Which option best describes what incident reporting should include?

Explanation:
Incident reports should document the key facts that help responders understand what happened, how severe it was, which weakness was exploited, what systems were affected, and what the attacker did. The best choice captures the incident’s intensity or severity, the vulnerability that was exploited, the design/operational impact, and the intruder’s activity. This provides the essential context for containment decisions, root-cause analysis, and future prevention, and it guides what needs to be fixed and how. Other details like system uptime and patch level are supporting context but don’t by themselves describe the incident’s scope or cause. Marketing impact isn’t relevant to the security event, and exposing user IDs and passwords in an incident report would be inappropriate due to confidentiality and security risks.

Incident reports should document the key facts that help responders understand what happened, how severe it was, which weakness was exploited, what systems were affected, and what the attacker did. The best choice captures the incident’s intensity or severity, the vulnerability that was exploited, the design/operational impact, and the intruder’s activity. This provides the essential context for containment decisions, root-cause analysis, and future prevention, and it guides what needs to be fixed and how.

Other details like system uptime and patch level are supporting context but don’t by themselves describe the incident’s scope or cause. Marketing impact isn’t relevant to the security event, and exposing user IDs and passwords in an incident report would be inappropriate due to confidentiality and security risks.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy