🔥 40% Off Crucial Exams Memberships — This Week Only

2 days, 13 hours remaining!
Crucial Exams

ISC2 Systems Security Certified Practitioner (SSCP) Practice Question

During a post-incident investigation, a security analyst reviews CloudTrail logs, EBS snapshots, and network packet captures related to a suspected data exfiltration from an Amazon S3 bucket. She must deliver a written forensic report to executive management and outside counsel. According to accepted digital forensics practice for presenting objective findings, which approach best ensures the report's conclusions remain defensible and free of bias?

  • Begin the report with the analyst's expert opinions and recommended countermeasures, followed by supporting evidence in an appendix.

  • Cite each observation with its corresponding log entry, timestamp, and hash value, and avoid including unverified opinions or speculation.

  • State that the activity was performed by the primary suspect because their IAM user appeared most frequently in the logs.

  • Remove most technical terminology so non-technical stakeholders can easily read the document, even if some precision is lost.

ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot