Which of the following is the LEAST volatile when performing incident response procedures?

In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in
question from the incident manager. Which of the following incident response procedures would he need to
perform in order to begin the analysis? (Choose two.)

A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and
sensitive data was extracted. Which of the following incident response procedures is best suited to restore theserver?

After a recent security breach, the network administrator has been tasked to update and backup all router and
switch configurations. The security administrator has been tasked to enforce stricter security policies. All users
were forced to undergo additional user awareness training. All of these actions are due to which of the following
types of risk mitigation strategies?

In which of the following steps of incident response does a team analyze the incident and determine steps to
prevent a future occurrence?

Who should be contacted FIRST in the event of a security breach?

The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems.
Which of the following phases of incident response is MOST appropriate as a FIRST response?

The Chief Technical Officer (CTO) has tasked The Computer Emergency Response Team (CERT) to develop
and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to
successfully respond to future incidents. Which of the following stages of the Incident Handling process is the
team working on?

During which of the following phases of the Incident Response process should a security administrator define
and implement general defense against malware?

Which of the following is the MOST important step for preserving evidence during forensic procedures?