Certified Information Security Manager (CISM) — Question 84
During a post-incident review, the sequence and correlation of actions must be analyzed PRIMARILY based on:
Answer options
- A. a consolidated event timeline.
- B. logs from systems involved.
- C. interviews with personnel.
- D. documents created during the incident.
Correct answer: A
Explanation
The correct answer is A: a consolidated event timeline provides a clear, organized view of the sequence of events, which is crucial for understanding the incident. Logs, interviews, and documents are important, but they serve as supplementary information rather than the primary basis for analyzing the sequence of actions.