Q: 3
The physical security department received a report that an unauthorized person followed an
authorized individual to enter a secured premise. The incident was documented and given to a
security specialist to analyze. Which step should be taken at this stage?
Options
Discussion
D . The specialist needs to map the attacker's route before figuring out assets touched or changing controls. That's standard investigation flow. Pretty sure that's what they're looking for here, but could see how B might confuse some folks.
D . Specialist needs to trace the intruder's movement before jumping to controls or asset inventory. B is tempting but you can't ID handled assets until you know where they went, right? Open to disagreement though.
Why not B here? Seen something similar in exam reports but wasn't 100% on D over B.
Makes sense to focus on tracking movement in this context. D
Don't think it's A or B since those are more about asset identification, not tracking intrusion. C is a control change, which is done after analysis. I'd definitely choose D here, as the first thing for a security specialist is tracing the attacker's movement to see what areas or systems could be impacted. Pretty standard IR process, but correct me if I'm missing something.
A is wrong, D. First step for the specialist is tracing where the unauthorized person moved inside, not listing assets yet.
Its D. You want to figure out where the unauthorized person went inside, track their movement first. That way you can assess risk and any potential exposure. Pretty sure that's the right IR step here.
Be respectful. No spam.
