EC-Council
512-50 · Question #293
512-50 Question #293: Real Exam Question with Answer & Explanation
Sign in or unlock 512-50 to reveal the answer and full explanation for question #293. The question stem and answer options stay visible for context.
Question
SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team. During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions. What is the MOST critical aspect of the team's activities?
Options
- ARegular communication of incident status to executives
- BEradication of malware and system restoration
- CDetermination of the attack source
- DPreservation of information
Unlock 512-50 to see the answer
You've previewed enough free 512-50 questions. Unlock 512-50 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.