An auditor is reviewing the 'Incident Response Plan'. Which phase of incident response involves removing the threat from the environment (e.g., deleting malware, disabling breached accounts)?

Answer options:

Containment

Eradication

Recovery

Preparation

How to approach this question

Contain = Stop spread. Eradicate = Kill it. Recover = Fix damage.

Full Answer

B.Eradication✓ Correct

Eradication is the phase where the organization identifies and eliminates the root cause of the incident, such as deleting malware or disabling compromised accounts.

Common mistakes

Confusing Containment and Eradication.

Question 42 All questions Question 44

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →