Temporary shutdown and restoration of the infected system are common techniques in which stage of incident response?

The stage of incident response where temporary shutdown and restoration of the infected system are applied is containment. Containment aims to limit the impact of the incident, preventing it from spreading to other systems or networks. By temporarily shutting down the affected systems, responders can isolate the threat and prevent further damage. This action is crucial during containment as it helps protect the organization's assets while the incident is being analyzed.

Restoration is also a part of containment, as once the threat is isolated and addressed, the ultimate goal is to restore the system to normal operations. This may involve cleaning the infected system and restoring data from backups to ensure that it is functioning securely.

In other stages, such as preparation, the focus is on having the necessary plans and tools in place before any incident occurs. During the recovery phase, the emphasis shifts to restoring and validating system functionality after the incident has been dealt with, rather than immediate containment. In the identification stage, the process centers on recognizing the incident and determining its nature and extent, rather than taking actions to mitigate it.