Which framework comprises Preparation, Detection & Analysis, Containment/Eradication/Recovery, and Post-Incident Activity?

Multiple Choice

Which framework comprises Preparation, Detection & Analysis, Containment/Eradication/Recovery, and Post-Incident Activity?

Explanation:
This question tests understanding of the structured sequence used to handle security incidents from start to finish. The framework that lists Preparation, Detection & Analysis, Containment/Eradication/Recovery, and Post-Incident Activity is the NIST Incident Response Life Cycle. It begins with Preparation—setting up the IR team, playbooks, tools, and communication plans so you’re ready to act. Detection & Analysis follows, where incidents are identified, classified, and their scope and impact assessed to decide the appropriate response. Containment/Eradication/Recovery then focuses on limiting the damage, removing the attacker’s access, restoring systems, and validating operations. Finally, Post-Incident Activity looks at lessons learned, updates to plans and controls, and improvements to prevent similar incidents in the future. The other frameworks don’t define this exact sequence: the NIST Cybersecurity Framework is a broader risk-management model, PDCA is a generic continuous-improvement cycle, and the OODA Loop is a rapid decision-making cycle.
