Incident Response — CISSP Practice Questions
Incident response on the CISSP exam is primarily addressed within the Security Operations domain and covers the structured process for detecting, containing, eradicating, and recovering from security incidents. Candidates must know the standard phases of incident response (preparation, identification, containment, eradication, recovery, and lessons learned) and understand how each phase informs the next. The exam also tests knowledge of evidence handling, chain of custody, and how incident response coordinates with business continuity and disaster recovery plans. Effective incident response is treated as both a technical and managerial discipline, requiring clear roles, communication plans, and pre-established decision authority.
Free questions on incident response
In the context of incident response, what is the correct order of phases?
Free question · medium · full answer + explanation
More incident response questions in the full bank
- What is security orchestration and response (SOAR)?
- What is incident response?
- What is the purpose of a threat intelligence feed in incident response?