Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Logical Operations Exam CFR-210 Topic 2 Question 27 Discussion

Actual exam question for Logical Operations's CFR-210 exam
Question #: 27
Topic #: 2
[All CFR-210 Questions]

An organization's public information website has been defaced. The incident response team is actively engaged in the following actions:

- Installing patches on the web server

- Turning off unnecessary services on web server

- Adding new ACL rules to the WAF

- Changing all passwords on web server accounts

Which of the following incident response phases is the team MOST likely conducting?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Peggie at May 08, 2022, 05:21 PM

Limited Time Offer

25%

Off

Get Premium CFR-210 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Lemuel
1 months ago
I'm not sure, it could also be the Respond phase. They're actively investigating and taking immediate actions to address the incident.
upvoted 0 times
...
Eileen
1 months ago
Haha, changing all the passwords? That's like locking the barn door after the horse has bolted. But I guess it's better late than never!
upvoted 0 times
Rebecka
13 days ago
C) Contain
upvoted 0 times
...
Cordelia
19 days ago
B) Recover
upvoted 0 times
...
Amie
29 days ago
A) Respond
upvoted 0 times
...
...
Dominic
2 months ago
I agree, Contain is the correct answer. They're trying to stop the bleeding and prevent the situation from getting worse.
upvoted 0 times
Roslyn
8 days ago
C) Contain
upvoted 0 times
...
Avery
13 days ago
B) Recover
upvoted 0 times
...
Margurite
17 days ago
A) Respond
upvoted 0 times
...
...
Louisa
2 months ago
The team is definitely in the Contain phase. Patching, disabling services, and adding new ACL rules are all actions to limit the damage and prevent further compromise.
upvoted 0 times
Luis
3 days ago
B) Recover
upvoted 0 times
...
Frank
4 days ago
A) Respond
upvoted 0 times
...
Iluminada
8 days ago
D) Identify
upvoted 0 times
...
Catarina
1 months ago
C) Contain
upvoted 0 times
...
Melina
1 months ago
B) Recover
upvoted 0 times
...
Nu
2 months ago
A) Respond
upvoted 0 times
...
...
Silvana
2 months ago
But they are also adding new ACL rules to the WAF, which sounds like they are containing the incident.
upvoted 0 times
...
Loreta
2 months ago
I agree with Celestina, they are installing patches and changing passwords to respond to the incident.
upvoted 0 times
...
Celestina
2 months ago
I think the team is in the Respond phase.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77