Which incident response phase would include gathering and preserving any evidence?

  • Detection and analysis
  • Post-incident activity
  • Preparation
  • Containment, eradication, and recovery

CompTIA Security+ SY0-601
  • Attacks, Threats, and Vulnerabilities
  • Architecture and Design
  • Implementation
  • Operations and Incident Response
    • This question is filed here
  • Governance, Risk, and Compliance