A company's network has been breached, and sensitive customer data may have been compromised. What is the first step in documenting this incident?
Create a final incident report
Delete all related log files
Immediately contact law enforcement
Create a detailed initial report
The correct answer is to create a detailed initial report. This is the first and most crucial step in documenting an incident. It establishes the foundation for the entire incident response process and helps maintain the integrity of the investigation. The initial report should include the date, time, and nature of the incident, as well as any immediate observations or actions taken. This document becomes the starting point for the chain of custody, which is essential for potential legal proceedings.
While contacting law enforcement is important, it's not the first step in documentation. Similarly, creating a final report comes after the investigation is complete, not at the beginning. Deleting log files is never a correct action, as it destroys valuable evidence and violates proper incident response procedures.
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
All IT & Cybersecurity Package plans include the following perks and exams .
Our pricing is simple. Full access to all certifications and exams in each package, for one price.
As many practice tests for as many topics as you want.
Use study mode non-stop, no limits.
Access to our AI assistant, Bash, trained to help you pass your exam.
Track your scores over time in study mode and report cards.
See how you improve over time, and where you need to focus.
Access our store with even bigger discounts than before.
Unlimited access to all performance questions and be prepared for the real thing.
All IT & Cybersecurity Package plans include unlimited access to the following study materials.
Create an account or sign in to access our study materials.