Which of the following is MOST important to complete during the recovery phase of an incident response process before bringing affected systems back online?
A.
Record and close security incident tickets.
B.
Test and verify that compromisedsystems are clean.
C.
Document recovery steps for senior management reporting.
D.
Capture and preserve forensic images of affected systems.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit