Very often, much of the intrusion analysis phase is done by ________.
A) discussing issues with all members of the CSIRT
B) reading through log files
C) discussing issues with the business continuity team
D) querying databases

Question

Quizplus · Accepted Answer

Reading through log files is a common method used in the intrusion analysis phase to understand the nature and extent of a security breach. Log files provide a record of system activities and can help identify unauthorized access or other security incidents.

Very Often, Much of the Intrusion Analysis Phase Is Done