{"id":165,"date":"2021-01-17T05:20:03","date_gmt":"2021-01-16T17:49:23","guid":{"rendered":"https:\/\/exampracticetests.com\/ISC\/CISSP\/certified-information-systems-security-professional-cissp-question158\/"},"modified":"2021-01-17T05:23:53","modified_gmt":"2021-01-17T05:23:53","slug":"certified-information-systems-security-professional-cissp-question158","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/ISC\/CISSP\/certified-information-systems-security-professional-cissp-question158\/","title":{"rendered":"Certified Information Systems Security Professional &#8211; CISSP &#8211; Question158"},"content":{"rendered":"<div class=\"question\">A Security Operations Center (SOC) receives an incident response notification on a server with an active intruder who has planted a backdoor. Initial notifications are sent and communications are established.<br \/>\nWhat MUST be considered or evaluated before performing the next step? <br \/><strong><br \/>A.<\/strong> Notifying law enforcement is crucial before hashing the contents of the server hard drive <br \/><strong>B.<\/strong> Identifying who executed the incident is more important than how the incident happened <br \/><strong>C.<\/strong> Removing the server from the network may prevent catching the intruder <br \/><strong>D.<\/strong> Copying the contents of the hard drive to another storage device may damage the evidence<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>C<\/strong><\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>A Security Operations Center (SOC) receives an incident response notification on a server with an active intruder who has planted a backdoor. Initial notifications are sent and communications are established. What MUST be considered or evaluated before performing the next step? A. Notifying law enforcement is crucial before hashing the contents of the server hard [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,391,161],"class_list":["post-165","post","type-post","status-publish","format-standard","hentry","category-certified-information-systems-security-professional-cissp","tag-certified-information-systems-security-professional-cissp","tag-choices","tag-question-158"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/ISC\/CISSP\/wp-json\/wp\/v2\/posts\/165","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/ISC\/CISSP\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/ISC\/CISSP\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/CISSP\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/CISSP\/wp-json\/wp\/v2\/comments?post=165"}],"version-history":[{"count":1,"href":"https:\/\/exampracticetests.com\/ISC\/CISSP\/wp-json\/wp\/v2\/posts\/165\/revisions"}],"predecessor-version":[{"id":555,"href":"https:\/\/exampracticetests.com\/ISC\/CISSP\/wp-json\/wp\/v2\/posts\/165\/revisions\/555"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/ISC\/CISSP\/wp-json\/wp\/v2\/media?parent=165"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/CISSP\/wp-json\/wp\/v2\/categories?post=165"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/CISSP\/wp-json\/wp\/v2\/tags?post=165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}