A possible breach of an organization’s IT system is reported by the project manager. What is the FIRST thing
the incident response manager should do?
A.
Run a port scan on the system
B.
Disable the logon ID
C.
Investigate the system logs
D.
Validate the incident
Explanation:
When investigating a possible incident, it should first be validated. Running a port scan on the system, disabling the logon IDs and investigating the system logs may be required based on preliminary forensic investigation,
but doing so as a first step may destroy the evidence.