
GIAC GCED Exam - Topic 9 Question 72 Discussion

Actual exam question for GIAC's GCED exam
Question #: 72
Topic #: 9

Which tasks would a First Responder perform during the Identification phase of Incident Response?

Suggested Answer: C

Contribute your Thoughts:

Sue
3 days ago
A) and B) are not relevant to the Identification phase. Those would be more appropriate for the Containment phase.
upvoted 0 times
...
Curt
8 days ago
D) is a good option too. Disconnecting network and searching for malware is important during Identification.
upvoted 0 times
...
Raul
13 days ago
C) is the correct answer. The Identification phase is all about gathering information to confirm the incident.
upvoted 0 times
...
Wendell
18 days ago
I recall that searching for valuable data (C) is crucial, but I wonder if installing firewalls (B) might also be relevant in some contexts?
upvoted 0 times
...
Nelida
24 days ago
I practiced a question similar to this, and I feel like disconnecting network communications (D) could be part of the containment phase instead of identification.
upvoted 0 times
...
Allene
29 days ago
I'm not entirely sure, but I remember something about verifying the root cause being more of a later step, so A might not fit here.
upvoted 0 times
...
Allene
1 month ago
I think the Identification phase is mostly about gathering information, so maybe option C is the best choice?
upvoted 0 times
...
Lorrie
1 month ago
This is a tricky one, but I think I've got it. The Identification phase is all about gathering information and confirming the incident, so option C seems like the best choice. I'm feeling pretty confident about this one.
upvoted 0 times
...
Marjory
1 month ago
I'm a bit confused here. Isn't the Identification phase more about verifying the root cause and applying security patches? I'm not sure if option C is the right answer, but I could be wrong. Guess I'll have to think this through a bit more.
upvoted 0 times
...
Luis
2 months ago
Okay, I've got this. The Identification phase is all about confirming that an incident has actually occurred and gathering the necessary data to understand what's going on. So I'd say option C is the way to go.
upvoted 0 times
...
Barney
2 months ago
Hmm, I'm a little unsure about this one. I know the Identification phase is all about gathering information, but I'm not sure if option C is the best choice. Maybe I should review my notes on incident response again.
upvoted 0 times
...
Felton
2 months ago
This seems like a pretty straightforward question. I think the key is to focus on the "Identification" phase, so I'd go with option C.
upvoted 0 times
...
