[&] What is the first phase of the NIST incident response lifecycle?
- Preparation -- Correct
- Post-incident activity
- Detection and analysis
- Containment, eradication, and recovery

[&] During which phase of the NIST incident response process is threat containment primarily addressed?
- Preparation
- Detection and analysis
- Post-incident activity
- Containment, eradication, and recovery -- Correct

[&] Why is post-incident activity crucial in the incident response process?
- It finalizes the incident report without requiring further action
- It ensures all security tools are updated automatically
- It identifies additional staff required by the incident response team
- It helps learn from incidents to enhance future detection and response capabilities -- Correct

[&] What is a key benefit of using a structured incident response framework like NIST?
- It allows for ad-hoc responses to threats without preparation
- It provides consistency and efficiency in managing incidents -- Correct
- It guarantees no future cybersecurity incidents
- It focuses solely on internal threats within the organization