In which phase of the NIST incident response life cycle is evidence gathered that can assist subsequent investigations by authorities?
- postincident activities
- detection and analysis
- preparation
- containment, eradication, and recovery
Explanation: NIST defines four phases in the incident response process life cycle. It is in the containment, eradication, and recovery phase that evidence is gathered to resolve an incident and to help with subsequent investigations.
Exam with this question: Modules 26 - 28: Analyzing Security Data Group Exam
Please login or Register to submit your answer