Eccouncil Exam 712-50 Topic 6 Question 103 Discussion

Actual exam question for Eccouncil's 712-50 exam
Question #: 103
Topic #: 6

SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

In what phase of the response will the team extract information from the affected systems without altering original data?

Suggested Answer: C

Contribute your Thoughts:

Yuette
2 months ago
B) Investigation is the way to go. You don't want the team to be like a bull in a china shop, you know? Gotta be careful and delicate when gathering that evidence. Hey, at least they won't be playing 'Capture the Flag' with the servers!
upvoted 0 times
Evan
12 days ago
A) Response
upvoted 0 times
...
...
Niesha
2 months ago
I'm going with B) Investigation. That's where the real detective work happens, and you can't afford to mess it up by accidentally changing the evidence. Unless, of course, you're secretly the culprit and want to cover your tracks. Just joking, just joking!
upvoted 0 times
Barbra
29 days ago
User 2: Definitely, we need to be careful not to disturb the original data during this phase.
upvoted 0 times
...
Keena
1 month ago
User 1: I agree, B) Investigation is crucial for gathering evidence without altering it.
upvoted 0 times
...
...
Taryn
2 months ago
B) Investigation makes the most sense here. You need to extract information without altering the original data to understand what's happening and how to respond effectively. Anything else would just be guesswork.
upvoted 0 times
...
Truman
2 months ago
I believe it's important to not alter original data during the Investigation phase to preserve evidence for analysis.
upvoted 0 times
...
Yuriko
2 months ago
The answer is clearly B) Investigation. That's when the team will gather and analyze the evidence without modifying the original data. I've seen this in my training, and it's crucial for preserving the integrity of the investigation.
upvoted 0 times
Ryan
24 days ago
Absolutely. The investigation phase is crucial for gathering information and understanding the scope of the incident before taking further action.
upvoted 0 times
...
Miesha
27 days ago
I agree. Altering the original data during the investigation phase can lead to inaccurate conclusions and compromise the entire incident response.
upvoted 0 times
...
Carolann
28 days ago
That's correct. It's important to preserve the original data to ensure the integrity of the investigation process.
upvoted 0 times
...
Carisa
1 month ago
Yes, you're right. During the investigation phase, we need to carefully collect and analyze the evidence without changing anything.
upvoted 0 times
...
...
Leota
2 months ago
I agree with Salina: in the Investigation phase, they gather information without altering data.
upvoted 0 times
...
Salina
2 months ago
I think the team will extract information in the Investigation phase.
upvoted 0 times
...
