Drag and drop the steps of the incident response process in the correct order.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Why this order
Incident response follows NIST SP 800-61: preparation, detection, containment/eradication/recovery, post-incident activity, and improvement.