Future Business Leaders of America (FBLA) Cybersecurity Practice Test

What does the process of eradication in an incident response plan involve?

• A. Restoring systems to their original states
• B. Removing and fixing the vulnerabilities that caused the incident
• C. Analyzing past incidents for trends
• D. Establishing a new security policy

The correct answer is: Removing and fixing the vulnerabilities that caused the incident

The process of eradication in an incident response plan is focused on removing the cause of the incident and addressing any vulnerabilities that may have been exploited. This phase is crucial because simply dealing with the immediate effects of an incident without addressing the underlying issues can lead to repeated compromises. In this stage, the incident response team investigates the specific vulnerabilities that were exploited during the security breach. They implement solutions to fix these vulnerabilities, ensuring that the same issue does not occur in the future. This may include applying patches to software, changing configurations, or implementing additional security measures. Restoring systems to their original states, while an essential part of the overall incident response, primarily falls under the recovery phase rather than eradication. Analyzing past incidents for trends is valuable for informing future security measures, but this activity is part of a larger strategy of improvement rather than the immediate response to a current incident. Establishing a new security policy may come as a result of insights gained during the incident, but it is not a direct action taken during the eradication phase. Thus, focusing on the removal and fixing of the specific vulnerabilities ensures that the risk of recurrence is mitigated effectively.