Effective CISSP Questions

When responding to an incident after the triage phase, which of the following should be conducted first? (Wentz QOTD)
A. Identify the root cause and work out a solution
B. Implement a workaround to restore the service level
C. Conduct a retrospective to improve continuously
D. Prioritize the incident based on importance and urgency

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Implement a workaround to restore the service level.


Incident Response Process

Responding to an incident after the triage phase implies that the incident has already been analyzed and validated, and that the incident response team is starting to contain and eradicate it. Implementing a workaround to restore the service level is a containment measure. Identifying the root cause and working out a solution typically comes after containment.

NIST SP 800-61 R2

Incident Response Life Cycle

