
SSCP Question #441: Real Exam Question with Answer & Explanation

The correct answer is D: Management of the network logs, including collection, retention, review, and analysis of data.

Submitted by jian89 · Apr 18, 2026 · Incident Response and Recovery

Question

Another example of Computer Incident Response Team (CIRT) activities is:

Options

  • A. Management of the netware logs, including collection, retention, review, and analysis of data
  • B. Management of the network logs, including collection and analysis of data
  • C. Management of the network logs, including review and analysis of data
  • D. Management of the network logs, including collection, retention, review, and analysis of data

Explanation

A complete description of network log management as a CIRT activity must encompass all four phases: collection (gathering log data), retention (storing logs for the appropriate period), review (examining logs for anomalies), and analysis (deriving meaningful security intelligence from the data). Option D is the only choice that includes all four elements. Option A incorrectly says 'netware logs' (a Novell network product) instead of 'network logs.' Option B omits retention and review. Option C omits collection and retention. Comprehensive log management covering all four phases is a core CIRT responsibility because logs are essential evidence for detecting, investigating, and responding to security incidents.

Topics

#CIRT #IncidentResponse #LogManagement #SecurityOperations
