Containmentis the phase wherean organization attempts to minimize the damage caused by a security incident. This may involve isolating affected systems, blocking malicious traffic, or temporarily shutting down compromised services to prevent further impact.
Recovery (A)focuses on restoring normal operations after an incident.
Preparation (C)involves planning and readiness before an incident occurs.
Analysis (D)involvesinvestigating the root causeand assessing the damage.
[Reference:CompTIA Security+ SY0-701 Official Study Guide, Security Operations domain., , , , , , , ]
Submit