New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca Cybersecurity-Audit-Certificate Exam - Topic 1 Question 21 Discussion

Actual exam question for Isaca's Cybersecurity-Audit-Certificate exam
Question #: 21
Topic #: 1
[All Cybersecurity-Audit-Certificate Questions]

During which incident response phase is evidence obtained and preserved?

Show Suggested Answer Hide Answer
Suggested Answer: C

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between a secure internal network and an untrusted external network, such as the internet. This system is designed to prevent unauthorized access to or from private networks and is a fundamental piece of a comprehensive security framework for any organization.


by Sylvie at Jul 11, 2024, 05:08 PM

Limited Time Offer

25%

Off

Get Premium Cybersecurity-Audit-Certificate Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Clemencia
3 months ago
Really? I had no idea it was that early in the process.
upvoted 0 times
...
Ricki
3 months ago
Nope, definitely containment. That's where it all starts!
upvoted 0 times
...
Rickie
3 months ago
Wait, I thought it was the eradication phase?
upvoted 0 times
...
Carey
4 months ago
Totally agree, containment is key for preserving evidence!
upvoted 0 times
...
Queen
4 months ago
It's during the containment phase that evidence is collected.
upvoted 0 times
...
Michell
4 months ago
I feel like it has to be containment, since that’s when you’re actively dealing with the incident and need to preserve what you find.
upvoted 0 times
...
Carman
4 months ago
I’m a bit confused; I thought evidence gathering happened in the recovery phase, but that doesn’t seem right now.
upvoted 0 times
...
William
4 months ago
I remember practicing a question about incident response phases, and I think it was during the eradication phase when evidence is preserved.
upvoted 0 times
...
Melynda
5 months ago
I think evidence is usually collected during the containment phase, but I'm not entirely sure.
upvoted 0 times
...
Paulina
5 months ago
I'm pretty confident that evidence collection and preservation happens during the investigation phase, which is part of the overall incident response process. That's when you're gathering information and documenting what happened.
upvoted 0 times
...
Inocencia
5 months ago
I'm a little unsure about this one. Is evidence collection and preservation part of the eradication phase, where you're trying to remove the root cause of the incident? Or is it during the recovery phase, when you're restoring normal operations? I'll have to review my notes on the incident response lifecycle.
upvoted 0 times
...
Marisha
5 months ago
Ah, I've got this! Evidence collection and preservation happens during the containment phase of the incident response process. That's when you're trying to stop the bleeding and secure the affected systems.
upvoted 0 times
...
Kanisha
5 months ago
Okay, let me think this through. I know evidence collection and preservation is a critical part of the incident response process, but I'm not sure which specific phase it falls under. I'll have to think about this one.
upvoted 0 times
...
Jonelle
5 months ago
Hmm, this seems like a pretty straightforward incident response question. I think the key is to remember the different phases and what happens in each one.
upvoted 0 times
...
Viva
5 months ago
Okay, I've got this. The first step is to deter potential threats, so I'll go with C. Deter.
upvoted 0 times
...
Soledad
5 months ago
I think I know this one - a spin-off allows investors to better value the demerged business, so I'll go with option C.
upvoted 0 times
...
Tricia
5 months ago
I'm not entirely sure how to break down the labor costs since some were overtime and others weren't. I remember similar questions though about identifying controllable costs.
upvoted 0 times
...
Gaynell
9 months ago
Nah, nah, the answer's clearly D) Recovery. Gotta get that system back up and running, pronto!
upvoted 0 times
...
Benton
9 months ago
Hmm, let me think... I'm gonna go with C) Eradication. Gotta wipe out that nasty malware, right?
upvoted 0 times
Meghan
8 months ago
User 3: Actually, it's D) Recovery. That's when evidence is obtained and preserved.
upvoted 0 times
...
Dona
8 months ago
User 2: I agree with Dona. Containment is crucial in the incident response process.
upvoted 0 times
...
Latrice
8 months ago
User 1: I think it's B) Containment. We need to stop the threat from spreading.
upvoted 0 times
...
...
Kristofer
9 months ago
Ding ding ding! B) Containment is the way to go. Gotta love those crime scene vibes, am I right?
upvoted 0 times
...
Nakita
9 months ago
Ooh, this one's a tricky one! I'm pretty sure it's B) Containment, where you've gotta act fast to stop the damage and gather all that juicy evidence.
upvoted 0 times
Geraldine
8 months ago
After containment, we can focus on gathering all the necessary evidence.
upvoted 0 times
...
Buddy
8 months ago
Preserving evidence is crucial for the investigation process.
upvoted 0 times
...
Angelo
8 months ago
Once we contain the incident, we can start preserving the evidence.
upvoted 0 times
...
Azalee
9 months ago
I think you're right, B) Containment is when we secure the evidence.
upvoted 0 times
...
...
Dorcas
11 months ago
I'm not sure, but I think it might be C) Eradication because that's when we eliminate the threat completely.
upvoted 0 times
...
Bobbie
11 months ago
I agree with Filiberto, evidence is obtained and preserved during the Containment phase.
upvoted 0 times
...
Filiberto
11 months ago
I think the answer is B) Containment.
upvoted 0 times
...

Save Cancel