YouTube
shieldCISSP Practice Domain 7 — Security Operations Q33 of 120

During incident response, what is the PRIMARY purpose of the containment phase?

A CISSP practice question covering Domain 7: Security Operations. Try answering before reading the explanation below.

Show options & answer
A
Identify the root cause
B
Limit additional damage and prevent the incident from spreading
✓ Correct answer
C
Eradicate the threat permanently
D
Restore systems to normal operation
Why "Limit additional damage and prevent the incident from spreading" is the right answer

Containment stops the bleed: isolating affected systems, blocking attacker IPs, disabling compromised accounts. Eradication removes the cause; recovery restores service. Investigating root cause spans detection/analysis and lessons learned. The phases are ordered intentionally.

Study videos for this topic

Want to go deeper on Domain 7? Watch the full breakdown — every video is free, no account, no upsell.

CISSP Domain 7: Digital Forensics & Chain of Custody
Domain 7 — Security Operations
CISSP Domain 7: SIEM, IDS/IPS, Honeypots & UEBA
Domain 7 — Security Operations
CISSP Domain 7: Least Privilege, SoD & Resource Protection
Domain 7 — Security Operations
Take the full CISSP practice test
120 questions, instant explanations, study-video links on every miss. No account.
Start full test →

Other practice tests

All practice tests CISSP videos Glossary