Q: 18
[Introduction to Incident Handling and Response]
The following steps describe the key activities in forensic readiness planning:
1. Train the staff to handle the incident and preserve the evidence
2. Create a special process for documenting the procedure
3. Identify the potential evidence required for an incident
4. Determine the source of the evidence
5. Establish a legal advisory board to guide the investigation process
6. Identify if the incident requires full or formal investigation
7. Establish a policy for securely handling and storing the collected evidence
8. Define a policy that determines the pathway to legally extract electronic evidence
with minimal disruption
Identify the correct sequence of steps involved in forensic readiness planning.
Options
Discussion
Yeah B looks right, matches the recommended order in the official courseware. Start by identifying what evidence you need (3) and where it comes from (4), then set policies before getting into training or documentation. I've seen this structure in EC-Council study guides and a couple of practice tests. If anyone has a different official resource showing another sequence, let us know!
B tbh, sequence matches what I remember from other exam reports.
Be respectful. No spam.
