First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss in a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)
A) CPU, process state tables, and main memory dumps
B) Essential information needed to perform data restoration to a known clean state
C) Temporary file system and swap space
D) Indicators of compromise to determine ransomware encryption
E) Chain of custody information needed for investigation

Question

Quizplus · Accepted Answer

The Answer of First responders, who are part of a core incident response team, have been working to contain an outbreak of ransomware that also led to data loss in a rush to isolate the three hosts that were calling out to the NAS to encrypt whole directories, the hosts were shut down immediately without investigation and then isolated. Which of the following were missed? (Choose two.)
A) CPU, process state tables, and main memory dumps
B) Essential information needed to perform data restoration to a known clean state
C) Temporary file system and swap space
D) Indicators of compromise to determine ransomware encryption
E) Chain of custody information needed for investigation

First Responders, Who Are Part of a Core Incident Response