Execute recovery processes as per system restoration guidelines and predefined operational procedures

Initiate the preparation phase as outlined by standard incident readiness practices and team coordination steps

Perform eradication procedures as required by internal protocols following threat containment and internal review

Begin triage activities to assess and organize incidents according to classification and prioritization criteria

B

The EC-Council Incident Handler (ECIH) curriculum clearly defines the Preparation Phase as the foundation of an effective Incident Handling and Response (IH&R) program. This phase focuses on establishing readiness before incidents occur. Activities include defining roles and responsibilities, forming and training the incident response team, conducting simulation and tabletop exercises, auditing assets, reviewing response tools, and developing formal policies and playbooks.

The scenario explicitly describes forward-looking corrective and preventive measures such as simulation exercises, stakeholder training, asset auditing, and policy development. These are hallmark activities of the Preparation phase. ECIH emphasizes that organizations lacking structured preparation often experience delayed response, unclear accountability, and increased operational impact during cyber incidents.

Option A (Recovery) focuses on restoring systems after containment and eradication. Option C (Eradication) involves removing threats after containment. Option D (Triage) falls under detection and analysis. None of these address proactive readiness and organizational resilience.

Therefore, initiating the Preparation phase is the correct approach to strengthen long-term cybersecurity resilience in alignment with ECIH standards.