Which elements should incident reporting include?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the EC-Council Certified Security Specialist (ECSS) Test. Enhance your skills with flashcards and multiple-choice questions; each question provides hints and explanations. Prepare confidently for your exam!

Multiple Choice

Which elements should incident reporting include?

Explanation:
When documenting an incident, you want a clear picture of what happened and why it matters. The best choice includes the attacker’s activity (what the intruder did), the intensity or severity of the activity (how impactful or sustained the attack was), the vulnerability that was exploited (which weakness allowed the intrusion), and the design or operational impact (how the system or its design was affected). This combination gives responders and investigators a complete story: what occurred, how serious it was, where the weakness lies, and what the consequences were. Time of detection and system uptime, while useful for building a timeline, don’t by themselves describe the incident’s nature or its impact. Hardware specs and vendor support are not central to understanding the incident itself and are better suited for asset management or procurement discussions.

When documenting an incident, you want a clear picture of what happened and why it matters. The best choice includes the attacker’s activity (what the intruder did), the intensity or severity of the activity (how impactful or sustained the attack was), the vulnerability that was exploited (which weakness allowed the intrusion), and the design or operational impact (how the system or its design was affected). This combination gives responders and investigators a complete story: what occurred, how serious it was, where the weakness lies, and what the consequences were.

Time of detection and system uptime, while useful for building a timeline, don’t by themselves describe the incident’s nature or its impact. Hardware specs and vendor support are not central to understanding the incident itself and are better suited for asset management or procurement discussions.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy