After a security incident, the incident response team needs to determine the sequence of events that led to the initial compromise. Which phase of the incident response process does this activity represent?
More Security Operations Questions
22 questions
Full CompTIA SecurityX Practice Test
All topics covered
All CompTIA SecurityX Questions
Browse by topic
Related Questions
Which format is used to share structured threat intelligence indicators, including IoCs, TTPs, and t...
Which internal threat hunting technique deploys decoy systems or credentials to detect attacker late...
A SOC analyst is investigating a suspected intrusion. The analyst discovers an executable that was n...
A threat hunter is searching for signs of command-and-control traffic in network logs. The hunter ne...
A SIEM is generating a high volume of alerts for failed SSH login attempts from internal IP addresse...
Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy
Discussion
Be the first to share your understanding of this concept
Sign in to join the discussion