What is the primary goal of containment?

Study for the SANS Advanced Incident Response, Threat Hunting, and Digital Forensics (FOR508) Test. Prepare with comprehensive materials, flashcards, and multiple choice questions with hints and explanations. Ace your exam with confidence!

Multiple Choice

What is the primary goal of containment?

Explanation:
Containment is about stopping the attacker from progressing and reducing the damage by degrading their ability to achieve their objectives. In practice, this means actions like isolating affected systems, blocking malicious traffic and command-and-control channels, revoking or restricting compromised credentials, and segmenting networks to prevent spread. The aim is to reduce risk and buy time for investigation and remediation, not to restore operations immediately or to collect data as the primary goal, and certainly not to punish attackers. By limiting attacker capabilities and opportunities, containment effectively curtails the incident’s impact while you determine the full scope and proceed with recovery.
