Question 16
An organization has activated the CSIRT. A security analyst believes a single virtual server was compromised and immediately isolated from the network. Which of the following should the CSIRT conduct next?
Question 17
Which of the following is the most important factor to ensure accurate incident response reporting?
Question 18
An employee is suspected of misusing a company-issued laptop. The employee has been suspended pending an investigation by human resources. Which of the following is the best step to preserve evidence?
Question 19
An incident response team member is triaging a Linux server. The output is shown below:
Which of the following is the adversary most likely trying to do?
Question 20
Which of the following best describes the actions taken by an organization after the resolution of an incident that addresses issues and reflects on the growth opportunities for future incidents?
