Scenario: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team. During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions.
What is the MOST critical aspect of the team’s activities?
A . Regular communication of incident status to executives
B . Preservation of information
C . Eradication of malware and system restoration
D . Determination of the attack source
Answer: B
Leave a Reply