Certified Incident Handler (ECIH v3) — Question 83

An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident response and handling process involves auditing the system and network log files?

Answer options

• A. Incident recording
• B. Reporting
• C. Containment
• D. Identification

Correct answer: D

Explanation

The Identification stage is where the nature of the incident is assessed, which includes auditing log files to gather crucial information about the incident. The other options, such as Incident recording, Reporting, and Containment, focus on different aspects of the incident management process, such as documenting the incident, communicating it, and mitigating its effects, rather than analyzing logs.