
Identify the guideline for incident containment that involves collecting all the systems and routers activities before, during, and after the time of occurrence of the incident.

Group of answer choices:
- Safe storage
- Identifying risk factors
- Acquiring logs
- Strong password policy



Solution

The guideline for incident containment that involves collecting all system and router activity before, during, and after the time the incident occurred is "Acquiring logs". This process involves gathering all relevant data and system logs for analysis to understand the nature and extent of the incident.

Similar Questions

1. Question 1: What is the primary purpose of logs during incident investigation? (1 point)
- To improve user experience
- To manage alert volumes
- To provide a record of event details
- To identify and diagnose system issues

Question 2: A security analyst wants to determine whether a suspicious login was successful. Which log type would be most useful for this purpose? (1 point)
- Authentication
- Network
- System
- Firewall

Question 3: In the following log, what action does the log entry record? (1 point)
[ALLOW: wikipedia.org] Source: 192.167.1.1 Friday, 10 June 2022 11:36:12
- 192.167.1.1
- Source
- ALLOW
- Friday, 10 June 2022 11:36:12

Question 4: Fill in the blank: _____ is the process of examining logs to identify events of interest. (1 point)
- Log analysis
- Logging
- Log forwarder
- Log file

2. Question 2: What process is used to provide a blueprint for effective incident response? (1 point)
- The NIST Cybersecurity Framework
- The incident handler's journal
- The NIST Incident Response Lifecycle
- The 5 W's of an incident

What information is gathered by the CSIRT when determining the scope of a security incident?
- the strategies and procedures used for incident containment
- the networks, systems, and applications affected by an incident
- the amount of time and resources needed to handle an incident
- the processes used to preserve evidence

Question 3: In which incident response playbook phase would a security team document an incident to ensure that their organization is better prepared to handle future security events? (1 point)
- Containment
- Post-incident activity
- Eradication and recovery
- Coordination

