Bird
0
0

During a post-incident review, the team finds conflicting information in logs. What should they do?

medium📝 Analysis Q7 of 15
Cybersecurity - Incident Response
During a post-incident review, the team finds conflicting information in logs. What should they do?
AAssume the attacker manipulated all logs
BIgnore the conflicts and finalize the report
CDelete conflicting logs to simplify analysis
DVerify log sources and cross-check with other evidence
Step-by-Step Solution
Solution:

  1. Step 1: Recognize the importance of accurate data

    Conflicting logs require verification to avoid wrong conclusions.

  2. Step 2: Choose the best approach to resolve conflicts

    Verifying sources and cross-checking ensures accurate findings.

  3. Final Answer:

    Verify log sources and cross-check with other evidence -> Option D

  4. Quick Check:

    Conflicts = Verify and cross-check [OK]
Quick Trick: Always verify conflicting data before conclusions [OK]
Common Mistakes:
MISTAKES
  • Ignoring conflicts
  • Deleting logs without analysis

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Cybersecurity Quizzes
Advanced Threat Protection - Endpoint Detection and Response (EDR) - Quiz 15hard Compliance and Governance - GDPR requirements - Quiz 1easy Digital Forensics - Log forensics - Quiz 13medium Digital Forensics - Disk imaging and analysis - Quiz 15hard Incident Response - Incident response lifecycle - Quiz 10hard Security Architecture and Design - Why secure design prevents vulnerabilities - Quiz 12easy Security Architecture and Design - Network segmentation - Quiz 12easy Security Architecture and Design - Secure SDLC practices - Quiz 15hard Security Architecture and Design - Microservices security architecture - Quiz 10hard Security Architecture and Design - Threat modeling (STRIDE, DREAD) - Quiz 8hard