EC-Council
312-39 · Question #47
312-39 Question #47: Real Exam Question with Answer & Explanation
Sign in or unlock 312-39 to reveal the answer and full explanation for question #47. The question stem and answer options stay visible for context.
Question
At GlobalTech, the SOC team detects a suspicious ransomware outbreak affecting multiple endpoints. After successfully isolating the infected systems from the network, the Digital Forensics team begins their investigation. They deploy a forensics workstation to acquire RAM dumps, extract Windows Event Logs, and collect network PCAP files from the compromised hosts. Which phase of the Incident Response lifecycle is currently underway?
Options
- ARecovery
- BEvidence gathering and forensic analysis
- CContainment
- DEradication
Unlock 312-39 to see the answer
You've previewed enough free 312-39 questions. Unlock 312-39 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.