CERTIFIED-IN-CYBERSECURITY Question #436: Real Exam Question with Answer & Explanation
The correct answer is A: Evidence Collection.
Question
In the context of incident response, the term that refers to the collection and preservation of an incident is: ()
Options
- A. Evidence Collection
- B. Forensics Analysis
- C. Incident Retention
- D. Incident Preservation
Explanation
Evidence collection refers to the process of collecting and preserving evidence from a cybersecurity incident (see ISC2 Study Guide Chapter 2, Module 1). This process is critical to incident response because it helps determine the cause of the incident, identify the perpetrator, and support any legal proceedings that may arise. For example, in the event of a data breach, the response team would collect evidence such as log files, network traffic data, and system images, and preserve them in a secure, tamper-proof manner to maintain their integrity. Forensic analysis is a broader process that includes evidence collection but also involves examining and analyzing the collected evidence to uncover the details of the incident, so it is not the term that explicitly refers to the collection and preservation of evidence. While the remaining terms ("incident retention" and "incident preservation") may sound related, they are not recognized in the incident response process and do not describe the process of collecting and preserving evidence from a cybersecurity incident.