Comprehensive and Detailed Explanation From Exact Extract:
The primary role of an incident response team, according to ISO/IEC 27035-2:2016, is to manage and respond to information security incidents effectively. This includes tasks such as identifying, analyzing, containing, mitigating, and recovering from incidents. The goal is to minimize the impact on the organization and restore normal operations as quickly as possible.
Key responsibilities include:
Incident detection and validation
Impact assessment
Coordination of containment and eradication efforts
Communication with stakeholders
Post-incident analysis and lessons learned
While vulnerability scanning and penetration testing (option C) are important security functions, they are typically assigned to the security operations team or dedicated assessment teams — not the incident response team per se. Likewise, maintaining physical infrastructure (option A) is the responsibility of facilities management or physical security teams, not the incident response team.
Reference Extracts:
ISO/IEC 27035-2:2016, Clause 5.2 – “The incident response team is responsible for analyzing, responding to, and resolving incidents.”
NIST SP 800-61r2 (Computer Security Incident Handling Guide) – “An incident response team handles the investigation and resolution of security incidents.”
Therefore, the correct answer is B: Investigating and managing cybersecurity incidents.