Certified Network Defender (CND) — Question 176

Which of the following is not part of the recommended first response steps for network defenders?

Answer options

• A. Restrict yourself from doing the investigation
• B. Extract relevant data from the suspected devices as early as possible
• C. Disable virus protection
• D. Do not change the state of the suspected device

Correct answer: B

Explanation

The correct answer is B because extracting relevant data is crucial and should be done as soon as possible. Options A, C, and D are all actions that should be taken to preserve the integrity of the investigation and protect the evidence.