What are the general steps of an incident response relevant to inquiries?

• A. Identify, contain, escalate, notify, and close the inquiry.
• B. Identify, contain, eradicate, recover, and review; report to the supervisor and document actions.
• C. Identify the source only after the customer complains.
• D. Identify, contain, eradicate, recover, and review; report to the supervisor and document actions.

Answer: (D)

The main idea is to follow a clear incident response lifecycle that moves from recognizing the issue to restoring normal operations and learning from it. Start by identifying the incident—confirming what happened, its scope, and who or what is affected. Next, contain the incident to prevent it from spreading or causing more damage. Then eradicate the root cause or threat, removing whatever allowed the incident to occur. After that, recover by restoring systems and services to normal operation, ensuring they are clean and functioning correctly. Finally, review what happened to capture lessons learned, assess what worked well or poorly, and implement improvements.

Including reporting to a supervisor and documenting every action ensures accountability and creates a traceable record for future prevention. This combination of actions—identify, contain, eradicate, recover, and review—paired with proper reporting and documentation, best fits a complete incident-response approach, rather than waiting for a customer complaint or skipping any of these essential steps.