What this objective tests
CS0-003 Incident Response and Management — Key Topics
Incident Response questions test the IR lifecycle phases, evidence handling, containment strategies, and regulatory notification timelines.
- IR phases: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned.
- Evidence preservation: chain of custody, write-blockers, and forensic imaging before analysis.
- Containment strategies: isolate vs. shut down, chosen by weighing business continuity against evidence preservation.
- Notification timelines: regulatory requirements (GDPR 72 hours, US state laws) and internal escalation paths.