What information is gathered by the CSIRT when determining the scope of a security incident?
- the networks, systems, and applications affected by an incident
- the strategies and procedures used for incident containment
- the processes used to preserve evidence
- the amount of time and resources needed to handle an incident
| Answers Explanation & Hints:
The scoping activity performed by the CSIRT after an incident determines which networks, systems, or applications are affected; who or what originated the incident; and how the incident is occurring. |