CISM Incident Management • Set 7
CISM Incident Management Practice Test 7 — 15 questions with explanations. Free, no signup.
A company experiences a DDoS attack that overwhelms its internet-facing services. The incident response team implements mitigation measures. During which phase of incident response is it most appropriate to collect and preserve evidence for potential legal action?