An incident response team found IoCs in a critical server. The team needs to isolate and collect technical evidence for further investigation. Which of the following pieces of data should be collected first in order to preserve sensitive information before isolating the server?
Routing table
The routing table is the correct choice because it is the most volatile item on the list. It lives in kernel memory, is rebuilt or lost as soon as the server is disconnected from the network, moved to a quarantine VLAN, or rebooted, and it records which gateways and interfaces the server was actually using, which is exactly what an investigator needs to reconstruct the attacker's communication paths. Following the order of volatility (RFC 3227, Guidelines for Evidence Collection and Archiving), in-memory network state like this is captured before anything that is stored on disk.
Collecting the hard disk should not be the first step. Imaging it usually means shutting the server down or otherwise disrupting it, which destroys volatile data such as the routing table, ARP cache, open connections and running processes, while the disk contents themselves are persistent and will still be there after isolation.
The primary boot partition holds the operating system files needed for startup. It is persistent storage and survives isolation unchanged, so it is imaged later along with the rest of the disk rather than collected first.
Identifying and collecting malicious files is essential to the investigation, but they reside on disk and are not lost by isolating the server; the routing table, which shows the server's network paths and possible entry points, has to be captured before that network state changes.
The routing table is the most volatile of the listed items and the one most likely to be altered by the isolation step itself, so it is collected first. It helps map the server's traffic paths and where an attacker could have pivoted from it.
The static IP address is useful for identifying the server on the network, but it is configured persistently and can be read from the configuration files at any time, so it does not need to be captured before isolation.
In summary, when IoCs are found on a critical server, volatile network state such as the routing table is collected before the server is isolated, because isolation alters or destroys it. Persistent artifacts (the disk, the boot partition, malicious files, the configured IP address) can be collected afterward without loss.
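The collection order the explanation describes, as an added example that is not part of the original question or its explanation: a Python script that captures volatile network and process state in order of volatility, writes each capture to its own file, hashes it, and records everything in a manifest, all before the host is isolated. The command list, the step names and the output layout are assumptions for a Linux host; a tool that is missing is recorded as skipped rather than aborting the run, since partial volatile evidence is better than none.

```python
"""Volatile-evidence collection in order of volatility (RFC 3227).

Added example, not code from the original page. The command list and the
output layout are assumptions for a Linux host. Each capture is written to a
file, hashed with SHA-256 and listed in a manifest so the collected state can
later be shown to be unchanged. Missing tools are logged as skipped, not
treated as fatal.
"""
import hashlib
import json
import platform
import shutil
import subprocess
import tempfile
import time
from pathlib import Path

# Most volatile first. Routing table, ARP cache and sockets are kernel memory
# and change as soon as the host is unplugged or moved to a quarantine VLAN;
# on-disk artifacts (malicious files, boot partition) survive isolation.
VOLATILITY_PLAN = [
    ("01_routing_table", ["ip", "route", "show", "table", "all"]),
    ("02_arp_cache", ["ip", "neigh", "show"]),
    ("03_sockets", ["ss", "-tunap"]),
    ("04_processes", ["ps", "-eo", "pid,ppid,user,lstart,args"]),
    ("05_interfaces", ["ip", "addr", "show"]),
    ("06_logged_in", ["who", "-a"]),
    ("07_kernel", ["uname", "-a"]),
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def run_capture(cmd, timeout=30):
    """Run one collection command. Returns (status, output bytes)."""
    if shutil.which(cmd[0]) is None:
        return "skipped_missing_tool", b""
    try:
        proc = subprocess.run(cmd, capture_output=True, timeout=timeout, check=False)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return "error:" + exc.__class__.__name__, b""
    if proc.returncode != 0:
        # Keep whatever came back; a partial table is still evidence.
        return "error:rc=%d" % proc.returncode, proc.stdout + proc.stderr
    return "collected", proc.stdout


def collect_volatile(out_dir=None, plan=VOLATILITY_PLAN):
    """Run the plan in order, write each capture plus a JSON manifest, return the manifest."""
    out = Path(out_dir) if out_dir else Path(tempfile.mkdtemp(prefix="volatile-"))
    out.mkdir(parents=True, exist_ok=True)
    manifest = {
        "host": platform.node(),
        "started_at": time.strftime("%Y-%m-%dT%H:%M:%S%z"),
        "collector": "collect_volatile example",  # hypothetical tool name
        "entries": [],
    }
    for step, cmd in plan:
        started = time.time()
        status, data = run_capture(cmd)
        entry = {
            "step": step,
            "command": " ".join(cmd),
            "status": status,
            "collected_at": started,
        }
        if not status.startswith("skipped"):
            # Even an empty or failed capture is written and hashed so the
            # manifest shows exactly what was (not) obtained at that moment.
            path = out / (step + ".txt")
            path.write_bytes(data)
            entry["file"] = str(path)
            entry["bytes"] = len(data)
            entry["sha256"] = sha256_hex(data)
        manifest["entries"].append(entry)
    manifest_bytes = json.dumps(manifest, indent=2).encode()
    (out / "manifest.json").write_bytes(manifest_bytes)
    # The manifest hash is what goes into the chain-of-custody record.
    manifest["manifest_sha256"] = sha256_hex(manifest_bytes)
    return manifest


if __name__ == "__main__":
    result = collect_volatile()
    for e in result["entries"]:
        print(e["step"], e["status"], e.get("sha256", ""))
    print("manifest sha256:", result["manifest_sha256"])
```

Run it as root on the affected host, copy the output directory and the manifest hash to the case record, and only then disconnect or power down the server; the disk image and the malicious files are collected in the next, non-volatile phase.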