which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware?
Which of the following incident response procedures would he need to perform in order to begin the analysis?