A payroll administrator noticed unexpected changes within a piece of software and reported the incident to the incident response team.
Which actions should be taken at this step in the incident response workflow?
A . Classify the criticality of the information, research the attacker’s motives, and identify missing patches
B . Determine the damage to the business, extract reports, and save evidence according to a chain of custody
C . Classify the attack vector, understand the scope of the event, and identify the vulnerabilities being exploited
D . Determine the attack surface, evaluate the risks involved, and communicate the incident according to the escalation plan
Answer: B
Latest 350-201 Dumps Valid Version with 139 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund