Q: 13
[Introduction to Incident Handling and Response]
Matt is an incident handler working for one of the largest social network companies, which was
affected by malware. According to the company’s reporting timeframe guidelines, a malware
incident should be reported within 1 h of discovery/detection after its spread across the company.
Which category does this incident belong to?
Options
Discussion
Option A
Probably B, had something like this in a mock exam.
It's A unless they define "spread" as isolated workstations, then maybe D.
Guessing A is correct, since a malware incident spreading company-wide and triggering a mandatory 1-hour reporting window lines up with CAT 1 (highest urgency). D gets people because not every malware incident counts as critical, but here the scale and urgency make it fit CAT 1. Seen similar category traps in ECIH practice, so watch for that wording. Anyone disagree?
A, CAT 1 fits because the incident is organization-wide and has a tight 1-hour reporting requirement. CAT 3 usually covers less severe or more localized events, so that's the trap here. Pretty sure exam frameworks treat this as high-priority, but let me know if you saw something different in ECIH.
C or D. I'm thinking it could be CAT 2 or CAT 3, since not every malware incident gets a CAT 1 even if it's organization-wide; it depends on severity and actual impact. Seen practice sets use D as a trap for company-wide cases too. Anyone see reasoning for not picking C or D?
It's A, that short 1-hour window and company-wide spread make it critical in most frameworks.
A