Q: 3
The physical security department received a report that an unauthorized person followed an
authorized individual to enter a secured premise. The incident was documented and given to a
security specialist to analyze. Which step should be taken at this stage?
Options
Discussion
Makes sense to focus on tracking movement in this context. D
Don't think it's A or B since those are more about asset identification, not tracking intrusion. C is a control change, which is done after analysis. I'd definitely choose D here, as the first thing for a security specialist is tracing the attacker's movement to see what areas or systems could be impacted. Pretty standard IR process, but correct me if I'm missing something.
Its D. You want to figure out where the unauthorized person went inside, track their movement first. That way you can assess risk and any potential exposure. Pretty sure that's the right IR step here.
Be respectful. No spam.
