Which of the following is listed among recovery models?

Study for the SANS Advanced Incident Response, Threat Hunting, and Digital Forensics (FOR508) Test. Prepare with comprehensive materials, flashcards, and multiple choice questions with hints and explanations. Ace your exam with confidence!

Multiple Choice


Explanation:
Centralized logging is essential in recovery because, after an incident, you need a complete, reliable record of what happened to understand the attack, validate what needs to be restored, and verify that systems are clean before returning to normal operation. A centralized log repository, often implemented as a SIEM/SIM, collects and preserves events from across the environment, allowing you to reconstruct timelines, identify affected assets, and confirm that remediation steps were effective. This single source of truth supports post-incident forensics, compliance reporting, and informed decision-making during restoration.

The other options focus more on prevention, detection, or performance rather than the recovery process. Enhanced network visibility aids understanding of the current state during an incident, security awareness training reduces human risk, and improving network performance targets efficiency and reliability but does not directly support the recovery-and-restore phase like centralized logging does.

