CISSP-ISSAP Incident Handling Process | Next Phase for Handling Denial of Service Attack

Next Phase for Handling Denial of Service Attack

Question

You work as an Incident handler in Mariotrixt.Inc.

You have followed the Incident handling process to handle the events and incidents.

You identify a Denial of Service (DoS) attack originating from a network linked to your internal enterprise network.

Which of the following phases of the Incident handling process should you follow next to handle this incident?

Answers

Explanations


A.

As an incident handler at Mariotrixt.Inc, once you have identified a Denial of Service (DoS) attack from a network linked to your internal enterprise network, the next phase in the incident handling process that you should follow is Containment.

Containment is the phase whose goal is to limit the damage and stop the attacker from causing any additional harm. In this phase, you isolate the affected systems or network segments so that the attack cannot spread to other parts of the network. This may involve blocking traffic from specific IP addresses or shutting down certain network services.

During the Containment phase, it is also important to collect evidence for further investigation and to notify relevant parties such as management, law enforcement, or other stakeholders, if necessary. This ensures that all necessary measures are taken to prevent further damage, and that the information needed to identify the source of the attack and prevent future attacks is preserved.

Once the Containment phase has been completed, the next phase in the incident handling process would be the Eradication phase. In this phase, the goal is to remove the attacker's presence from the system and to restore the system to its normal operating state. This may involve removing any malware or backdoors that the attacker may have installed, restoring system files from backups, and implementing security measures to prevent similar attacks from happening again in the future.

In conclusion, the correct answer to the question is A. Containment, as it is the phase in which the incident handler would isolate the affected systems or network segments to prevent the attacker from causing any more damage, and collect evidence for further investigation.