Incident Response — CompTIA Security+ (SY0-701) Practice Questions
Incident response (IR) is the structured process an organization follows to prepare for, detect, contain, eradicate, and recover from security incidents. SY0-701 dedicates significant coverage to the phases of an IR plan, the roles and responsibilities within an IR team, and the types of evidence that must be preserved to support forensic investigation and legal proceedings. Candidates must distinguish between the phases of the NIST or PICERL frameworks, understand tabletop exercises and their role in readiness, and recognize when an event escalates to a declared incident requiring formal response.
Free questions on incident response
A security team discovers that attackers have compromised a web server and are using it to distribute malware to customers. What is the FIRST action that should be taken?
More incident response questions in the full bank
- What should you do immediately after discovering a security breach?
- Which type of test simulates a disaster without affecting production systems?
- A security operations center (SOC) implements SOAR to improve incident response. Which capability does SOAR provide?