CS0-003 Incident Response and Management • Set 2
CS0-003 Incident Response and Management Practice Test 2 — 15 questions with explanations. Free, no signup.
A server suspected of running fileless malware is still powered on. Which evidence should be captured first if it is safe to do so? During detection and analysis, which decision is most defensible?