Certified SOC Analyst (CSA) — Question 54
In which of the following incident handling and response stages must the root cause of the incident be found from the forensic results?
Answer options
- A. Evidence Gathering
- B. Evidence Handling
- C. Eradication
- D. Systems Recovery
Correct answer: A
Explanation
The correct answer is A: the Evidence Gathering stage is when forensic results are analyzed to determine the root cause of the incident. The other stages (Evidence Handling, Eradication, and Systems Recovery) focus on managing evidence, eliminating the threat, and restoring systems, respectively, rather than on identifying the cause.