Which THREE of the following are essential steps in the incident response process for a cloud security incident?
Containment is critical to limit scope.
Why this answer
Correct answers are A, B, and D. Identification (A), containment (B), and eradication (D) are key phases. Option C is wrong because rewarding staff is not part of incident response.
Option E is wrong because forensics, which typically occurs after containment, is not an essential step in the core process (it is part of analysis).