A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team. Which actions should be taken at this step in the incident response workflow?
A) Classify the criticality of the information, research the attacker's motives, and identify missing patches
B) Determine the damage to the business, extract reports, and save evidence according to a chain of custody
C) Classify the attack vector, understand the scope of the event, and identify the vulnerabilities being exploited
D) Determine the attack surface, evaluate the risks involved, and communicate the incident according to the escalation plan

Question

Quizplus · Accepted Answer

The Answer of A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team. Which actions should be taken at this step in the incident response workflow?
A) Classify the criticality of the information, research the attacker's motives, and identify missing patches
B) Determine the damage to the business, extract reports, and save evidence according to a chain of custody
C) Classify the attack vector, understand the scope of the event, and identify the vulnerabilities being exploited
D) Determine the attack surface, evaluate the risks involved, and communicate the incident according to the escalation plan

A Payroll Administrator Noticed Unexpected Changes Within a Piece of Software