Exam GICSP Topic 1 Question 35 Discussion

Actual exam question for GIAC's GICSP exam
Question #: 35
Topic #: 1
Which of the following is typically performed during the Recovery phase of incident response?

Suggested Answer: B Vote an answer

The Recovery phase in incident response focuses on restoring systems to normal operations and strengthening defenses:
Patching and configuring systems to meet secure standards (B) is a typical recovery activity to prevent recurrence.
Updating security policies (A) is usually part of the Post-Incident Activities or Governance.
Root cause analysis (C) is typically part of the Investigation or Analysis phase.
Forensic imaging (D) is part of the Containment and Eradication phases for evidence preservation.
GICSP aligns recovery activities with system hardening and return to normal operations.
Reference:
GICSP Official Study Guide, Domain: ICS Security Operations & Incident Response NIST SP 800-61 Rev 2 (Incident Handling Guide) GICSP Training on Incident Response Lifecycle

by Delia at Apr 06, 2026, 05:45 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10