- postincident activities
- detection and analysis
- containment, eradication, and recovery
Explanation: NIST defines four phases in the incident response process life cycle. It is in the containment, eradication, and recovery phase that evidence is gathered to resolve an incident and to help with subsequent investigations.
More Questions: Modules 26 – 28: Analyzing Security Data Group Exam