In the context of incident response preparation, which statement is true?

Preparation in incident response is about getting ready before an incident occurs. It includes building an IR plan, defining roles and responsibilities, training staff, and ensuring the right tools, runbooks, and contact lists are in place and tested. This readiness directly supports a swift, coordinated, and effective response when an event happens, which is why focusing on planning, tool readiness, and roles is the best description of this phase. Containment is an action taken during an incident to limit its impact, eradication removes the root cause, and post-incident activity occurs after the incident to review and improve—their timing and purpose place them in other parts of the response lifecycle rather than preparation.