Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Eccouncil Exam 712-50 Topic 6 Question 103 Discussion

Actual exam question for Eccouncil's 712-50 exam
Question #: 103
Topic #: 6
[All 712-50 Questions]

SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

In what phase of the response will the team extract information from the affected systems without altering original data?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Ronna at Mar 04, 2025, 05:19 AM

Limited Time Offer

25%

Off

Get Premium 712-50 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Yuette
5 days ago
B) Investigation is the way to go. You don't want the team to be like a bull in a china shop, you know? Gotta be careful and delicate when gathering that evidence. Hey, at least they won't be playing 'Capture the Flag' with the servers!
upvoted 0 times
...
Niesha
10 days ago
I'm going with B) Investigation. That's where the real detective work happens, and you can't afford to mess it up by accidentally changing the evidence. Unless, of course, you're secretly the culprit and want to cover your tracks. Just joking, just joking!
upvoted 0 times
...
Taryn
12 days ago
B) Investigation makes the most sense here. You need to extract information without altering the original data to understand what's happening and how to respond effectively. Anything else would just be guesswork.
upvoted 0 times
...
Truman
14 days ago
I believe it's important to not alter original data during the Investigation phase to preserve evidence for analysis.
upvoted 0 times
...
Yuriko
16 days ago
The answer is clearly B) Investigation. That's when the team will gather and analyze the evidence without modifying the original data. I've seen this in my training, and it's crucial for preserving the integrity of the investigation.
upvoted 0 times
...
Leota
17 days ago
I agree with Salina, in the Investigation phase, they gather information without altering data.
upvoted 0 times
...
Salina
20 days ago
I think the team will extract information in the Investigation phase.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77