which of the following actions should be done as a firs…

When first analyzing an intrusion that has just been detected and confirming that it is a true positive, which of
the following actions should be done as a first step if you wish to prosecute the attacker in court?

A. Back up the compromised systems.

B. Identify the attacks used to gain access.

C. Capture and record system information.

D. Isolate the compromised systems.

Explanation:
For a crime to be successfully prosecuted, solid evidence is required. Computer forensics is the art of retrieving
this evidence and preserving it in the proper ways to make it admissible in court. Related system information
must be captured and recorded.
Incorrect Answers:
A: Backing up a compromised system is a good idea, but it is not required for prosecution.
B: Identifying the attacks would be a useful further step, but first the evidence must be safeguarded.
D: Isolating a compromised system is a good idea, but it is not required for prosecution.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1052


