GIAC GCED Exam - Topic 6 Question 22 Discussion

Actual exam question for GIAC's GCED exam

Question #: 22
Topic #: 6

[All GCED Questions]

Which action would be the responsibility of the First Responder once arriving at the scene of a suspected incident as part of a Computer Security Incident Response Plan (CSIRP)?

AMaking the decision of whether or not to notify law enforcement on behalf of the organization.

BPerforming timeline creation on the system files in order to identify and remove discovered malware.

CCopying critical data from suspected systems to known good systems so productivity is not affected by the investigation.

DConducting initial interviews and identifying the systems involved in the suspected incident.

Show Suggested Answer

Suggested Answer: D

The First Responder plays a critical role in the Incident Response process on the CSIRT (Computer Security Incident Response Team).

Here is a list of some typical responder tasks:

-- Make sure that the correct system is identified and photograph the scene, if necessary.

-- Conduct an initial interview (not an interrogation) of any witnesses.

The decision to notify law enforcement requires explicit approval and direction form management and/or counsel. While a First Responder may collect initial data while minimally intruding on the system, no major changes, or indepth media analysis should be performed by the First Responder when initially responding to a suspected incident.

by Belen at May 07, 2022, 01:07 AM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Goldie

4 months ago

D is the most logical choice, gotta know what we're dealing with first!

upvoted 0 times

...

Karol

4 months ago

Wait, are we really saying A is the first step? That seems off.

upvoted 0 times

...

Elouise

4 months ago

C sounds right too, keeping productivity up is important!

upvoted 0 times

...

Geoffrey

4 months ago

I disagree, A seems more critical for legal reasons.

upvoted 0 times

...

Tamesha

5 months ago

I think it's definitely D, initial interviews are key.

upvoted 0 times

...

Filiberto

5 months ago

Copying critical data seems risky; I thought we were supposed to preserve evidence instead of moving it around.

upvoted 0 times

...

Gerald

5 months ago

Conducting initial interviews sounds right to me, but I feel like there might be other priorities that come first in a CSIRP.

upvoted 0 times

...

Sue

5 months ago

I remember practicing a question about notifying law enforcement, but I can't recall if that was the First Responder's responsibility or someone higher up.

upvoted 0 times

...

Justine

5 months ago

I think the First Responder should focus on identifying the systems involved, but I'm not entirely sure if that's the first step.

upvoted 0 times

...

Dorothea

5 months ago

Data Scraping sounds like the most relevant option here. That's typically the term used for extracting structured data from web pages, which is what we're being asked to do in this case.

upvoted 0 times

...

Alyce

5 months ago

I thought the focus of a supplier evaluation system was on reducing inspection at customer sites, but I could be mixing it up with another concept we studied.

upvoted 0 times

...

Jeanice

5 months ago

As for the broad distribution, I thought there might be limits on who can issue commercial paper, so I wonder if that's an advantage at all.

upvoted 0 times

...