PrepAway - Latest Free Exam Questions & Answers

What type of backup is obtained during the Containment phase of Incident Response?


A. Incremental

B. Full

C. Differential

D. Binary

Explanation:
Answer D is correct; binary, or bit-by-bit, backups are what is obtained during the containment phase of incident response. There is also a strong preference for a forensically sound binary backup that leverages a hashing algorithm to convey reliability. The other types of backup will not capture unallocated space, and could cause the analyst to miss some data that had been marked for deletion.

Incorrect Answers and Explanations: A, B, and C: Answers A, B, and C are incorrect. Incremental, Full, and Differential are all common backup techniques, but will only back up allocated space rather than the full drive. These techniques are used for simple backup/restore capabilities rather than incident response or forensics.
