Why is it important for an Incident Responder to copy malicious files to the ATP file store or create an image of the infected system during the Recovery phase?
A) To have a copy of the file policy enforcement
B) To test the effectiveness of the current assigned policy settings in the Symantec Endpoint Protection Manager (SEPM)
C) To create custom IPS signatures
D) To document and preserve any pieces of evidence associated with the incident
Correct Answer:
Verified
Q115: Which endpoint detection method allows for information
Q116: Refer to the exhibit. An Incident Responder
Q117: An Incident Responder needs to remediate a
Q118: In which scenario would it be beneficial
Q119: Which National Institute of Standards and Technology
Q121: Which policies are required for the quarantine
Q122: When does Real Time Link Following scan
Q123: An organization has five (5) shops with
Q124: Which two actions an Incident Responder take
Q125: Which access credentials does an ATP Administrator
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents