Comprehensive and Detailed Explanation From Exact Extract:
During the eradication phase of the information security incident management process, identifying all impacted hosts is essential to ensure that every element affected by the incident is addressed before proceeding to recovery. According to ISO/IEC 27035-2:2016, Clause 6.4.5, the eradication phase involves removing malware, disabling unauthorized access, and remediating vulnerabilities that led to the incident.
Identifying all impacted hosts ensures:
Comprehensive removal of malicious artifacts
Prevention of reinfection or further propagation
A smooth and complete transition into the recovery phase
This directly supports recovery planning because it helps teams understand which systems need to be restored, rebuilt, or validated. Option B (optimizing hardware performance) is not a goal of incident management, and Option C (enhancing overall security) is a long-term objective but not the immediate goal of the eradication phase.
[Reference:, , ISO/IEC 27035-2:2016, Clause 6.4.5: “During eradication, it is important to identify all affected systems so that root causes and malicious components are removed prior to recovery.”, , Correct answer: A, , —, ]
Submit