ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Following successful eradication and recovery from a crypto-mining malware outbreak that affected both the on-premises data center and the company's AWS workloads, you are tasked with drafting the official post-incident report for senior management and an industry regulator. To best meet accountability and evidence-integrity requirements, which information must be included in the report?
A granular breakdown of additional AWS service charges incurred during the response and recovery phases
A time-stamped timeline of every containment and investigative action, including the individual or team responsible for each step
A prioritized roadmap of security improvements to be completed in the next quarterly cycle
An executive-level summary that focuses on financial and reputational impact to the organization
A comprehensive post-incident report should capture how the incident unfolded, the actions taken, and who performed them so that management, auditors, or regulators can verify that proper procedures were followed and evidence was protected. A time-stamped chronology that maps each investigative and response step to the individual or team responsible establishes a clear chain of custody and demonstrates due diligence, directly supporting accountability and evidence-integrity objectives.
The detailed AWS cost breakdown is useful for budgeting but does not address accountability or evidence handling.
A high-level business-impact summary is important for executives but does not prove that evidence was properly managed.
An improvement plan helps drive future remediation; however, without a documented timeline of actions and custodians, it does little to establish how evidence was controlled during the incident.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a 'chain of custody' and why is it important in incident reporting?
Open an interactive chat with Bash
What type of information should be included in a time-stamped incident timeline?
Open an interactive chat with Bash
Why is evidence integrity critical during incident handling and reporting?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .