Exam GICSP Topic 1 Question 67 Discussion
Actual exam question for GIAC's GICSP exam
Question #: 67
Topic #: 1
Question #: 67
Topic #: 1
Which of the following is part of the Respond function of the NIST CSF (cybersecurity framework)?
Suggested Answer: B Vote an answer
The Respond function of the NIST Cybersecurity Framework (CSF) focuses on activities to contain, mitigate, and eradicate incidents once detected.
Performing forensic analysis and eradicating malware (B) falls clearly within the Respond function.
(A) Discovering malicious activity is part of the Detect function.
(C) Restoring from backup is part of the Recover function.
(D) Limiting user access is a Preventive control under the Protect function.
GICSP training maps ICS security activities to the NIST CSF to guide structured incident response.
Reference:
GICSP Official Study Guide, Domain: ICS Security Operations & Incident Response NIST CSF Framework (Respond Function) GICSP Training on Incident Handling and Response
Performing forensic analysis and eradicating malware (B) falls clearly within the Respond function.
(A) Discovering malicious activity is part of the Detect function.
(C) Restoring from backup is part of the Recover function.
(D) Limiting user access is a Preventive control under the Protect function.
GICSP training maps ICS security activities to the NIST CSF to guide structured incident response.
Reference:
GICSP Official Study Guide, Domain: ICS Security Operations & Incident Response NIST CSF Framework (Respond Function) GICSP Training on Incident Handling and Response
by Bella at Jan 28, 2026, 01:50 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).