Which sequence correctly describes incident response stages?

Understanding how incident response unfolds in practice is essential here. Once an incident is detected, the first priority is containment—stop the spread, limit damage, and keep other systems from being compromised. After the threat is contained, you eradicate it—remove malware, close the vulnerability, and clean affected accounts or data so the attacker can no longer operate. Finally comes recovery—bring systems back online, restore services, and verify that everything is clean and monitored to prevent a reoccurrence. This sequence mirrors how responders stabilize the situation before removing the root cause and then restoring normal operations. Choices that place prevention, planning, or detection before containment or that skip the containment step don’t reflect the practical execution order of incident handling.