Which of the following BEST enables an organization to determine what activities and changes have occurred on a system during a cybersecurity incident?
Computer forensics is the BEST approach to determine what activities and changes have occurred on a system during a cybersecurity incident. It involves the systematic collection, analysis, and preservation of digital evidence to:
Understand the scope of the incident.
Reconstruct the sequence of events.
Identify the attacker’s activities and the impact of their actions.
Computer forensics is specifically designed to analyze systems post-incident, making it the most appropriate choice for investigating and understanding cybersecurity incidents.
D- for changes that have occurred and already in the systems can only be found through forensics. C- would enable only current state monitoring
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
yottabyte
Highly Voted 3 months, 3 weeks agomb141
Most Recent 4 weeks agoshootnot
2 months, 3 weeks ago