Which action is a remediation objective?

Study for the SANS Advanced Incident Response, Threat Hunting, and Digital Forensics (FOR508) Test. Prepare with comprehensive materials, flashcards, and multiple choice questions with hints and explanations. Ace your exam with confidence!

Multiple Choice

Which action is a remediation objective?

Explanation:
In incident response, remediation is about returning systems to a clean, trusted state by removing the threat and its artifacts and restoring normal operations. The primary objective is to eliminate the adversary’s presence from the environment, which includes eradicating malware, closing backdoors, removing stolen credentials, and patching or reconfiguring affected systems so the threat cannot persist or re-enter.

This focus on removing the intruder makes the environment verifiably clean and safe again, which is the essential milestone that signals remediation is complete and recovery can proceed. While other actions—such as hindering the attacker’s ability to return, preventing the attacker from reacting to remediation, or simply denying access—are valuable preventive or strategic controls, they do not by themselves fulfill the remediation goal of fully clearing the environment of attackers and their artifacts.
