Certified Network Defender (CND) — Question 142

Which phase of incident response process involves collection of incident evidence and sending them to forensic department for further investigation?

Answer options

• A. Incident containment
• B. Incident recording and assignment
• C. Eradication
• D. Preparation for incident response

Correct answer: B

Explanation

The correct answer is B, as this phase specifically focuses on documenting the incident and collecting evidence for further examination. Options A, C, and D do not pertain to the gathering and forwarding of evidence; they involve different aspects of the incident response process.