Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC GCED Exam - Topic 9 Question 72 Discussion

Actual exam question for GIAC's GCED exam
Question #: 72
Topic #: 9
[All GCED Questions]

Which tasks would a First Responder perform during the Identification phase of Incident Response?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Dannie at Jan 05, 2026, 05:16 AM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Sabine
25 days ago
I feel B is necessary. Ensuring firewalls and antivirus are active is a must!
upvoted 0 times
...
Gracie
30 days ago
D makes sense too. Disconnecting can stop the spread of the incident.
upvoted 0 times
...
Willow
1 month ago
I agree, but A is also important. Fixing the root cause prevents future issues.
upvoted 0 times
...
Mattie
1 month ago
I think option C is crucial. Gathering data helps understand the incident better.
upvoted 0 times
...
Jame
2 months ago
D is crucial too, gotta find those malicious processes!
upvoted 0 times
...
Gussie
2 months ago
Wait, can you really verify the root cause right away?
upvoted 0 times
...
Ivan
2 months ago
Totally agree with C, it’s all about gathering info first!
upvoted 0 times
...
Tasia
2 months ago
A seems a bit premature for the identification phase.
upvoted 0 times
...
Lucia
2 months ago
C is definitely a key task!
upvoted 0 times
...
Alpha
2 months ago
Identification is like a detective novel - gotta gather all the clues before you can solve the case!
upvoted 0 times
...
Ryan
3 months ago
Haha, I bet the person who wrote this question is a former incident responder who's seen it all!
upvoted 0 times
...
Sue
3 months ago
A) and B) are not relevant to the Identification phase. Those would be more appropriate for the Containment phase.
upvoted 0 times
...
Curt
3 months ago
D) is a good option too. Disconnecting network and searching for malware is important during Identification.
upvoted 0 times
...
Raul
4 months ago
C) is the correct answer. The Identification phase is all about gathering information to confirm the incident.
upvoted 0 times
...
Wendell
4 months ago
I recall that searching for valuable data (C) is crucial, but I wonder if installing firewalls (B) might also be relevant in some contexts?
upvoted 0 times
...
Nelida
4 months ago
I practiced a question similar to this, and I feel like disconnecting network communications (D) could be part of the containment phase instead of identification.
upvoted 0 times
...
Allene
4 months ago
I'm not entirely sure, but I remember something about verifying the root cause being more of a later step, so A might not fit here.
upvoted 0 times
...
Allene
4 months ago
I think the Identification phase is mostly about gathering information, so maybe option C is the best choice?
upvoted 0 times
...
Lorrie
4 months ago
This is a tricky one, but I think I've got it. The Identification phase is all about gathering information and confirming the incident, so option C seems like the best choice. I'm feeling pretty confident about this one.
upvoted 0 times
...
Marjory
5 months ago
I'm a bit confused here. Isn't the Identification phase more about verifying the root cause and applying security patches? I'm not sure if option C is the right answer, but I could be wrong. Guess I'll have to think this through a bit more.
upvoted 0 times
...
Luis
5 months ago
Okay, I've got this. The Identification phase is all about confirming that an incident has actually occurred and gathering the necessary data to understand what's going on. So I'd say option C is the way to go.
upvoted 0 times
...
Barney
5 months ago
Hmm, I'm a little unsure about this one. I know the Identification phase is all about gathering information, but I'm not sure if option C is the best choice. Maybe I should review my notes on incident response again.
upvoted 0 times
...
Felton
5 months ago
This seems like a pretty straightforward question. I think the key is to focus on the "Identification" phase, so I'd go with option C.
upvoted 0 times
Trinidad
19 days ago
I agree, option C is definitely the right choice. Gathering data is crucial.
upvoted 0 times
...
...

Save Cancel