After reviewing firewall, IDS, and endpoint logs, an incident handler is asked to define the scope of a ransomware attack for the official incident report. Which piece of information will provide the strongest basis for estimating impact and coordinating immediate remediation efforts?
Defining the incident scope means knowing exactly which hosts, applications, or data sets have been compromised. Documenting the affected systems lets responders gauge business impact, isolate or shut down the right assets, and assign remediation tasks. While data-loss totals, vulnerability lists, and attack attribution all add context, none enables rapid containment and recovery as directly as an inventory of the affected systems.