Security+ Question of the Week: IDS Alert Response


When an IDS alerts the administrator that an intrusion is taking place, what is often the first action the first responder should perform?

A. Containment
B. Reconstitution
C. Contact law enforcement
D. Restore files from backup


The correct answer is A.

Domain: 2.3. Containment is usually the initial step to be performed by the first responder. While there are various circumstances where other options might be more appropriate, it is generally true that the most common initial step is containment. Containment aims at preventing further damage or distribution of the malicious activity

Related Courses
Security+ Prep Course (SY0-401)
Security+ Certification Boot Camp (SY0-401)

In this article

Join the Conversation