nerdexam
GIAC

GCED · Question #23

GCED Question #23: Real Exam Question with Answer & Explanation

The correct answer is D. Conducting initial interviews and identifying the systems involved in the suspected incident.. The First Responder plays a critical role in the Incident Response process on the CSIRT (Computer Security Incident Response Team). Here is a list of some typical responder tasks: ?Make sure that the correct system is identified and photograph the scene, if necessary. ?Conduct an

Question

Which action would be the responsibility of the First Responder once arriving at the scene of a suspected incident as part of a Computer Security Incident Response Plan (CSIRP)?

Options

  • AMaking the decision of whether or not to notify law enforcement on behalf of the organization.
  • BPerforming timeline creation on the system files in order to identify and remove discovered
  • CCopying critical data from suspected systems to known good systems so productivity is not
  • DConducting initial interviews and identifying the systems involved in the suspected incident.

Explanation

The First Responder plays a critical role in the Incident Response process on the CSIRT (Computer Security Incident Response Team). Here is a list of some typical responder tasks: ?Make sure that the correct system is identified and photograph the scene, if necessary. ?Conduct an initial interview (not an interrogation) of any witnesses. The decision to notify law enforcement requires explicit approval and direction form management and/or counsel. While a First Responder may collect initial data while minimally intruding on the system, no major changes, or indepth media analysis should be performed by the First Responder when initially responding to a suspected incident.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCED Practice
Which action would be the responsibility of the First Responder... | GCED Q#23 Answer | NerdExam