Which software development security practice BEST supports forensic investigation after a security incident?
Code obfuscation
Formal verification of algorithms
Regular penetration testing
Comprehensive event logging with proper timestamps
The correct answer is Comprehensive event logging with proper timestamps. Comprehensive event logging with proper timestamps is crucial for forensic investigation as it provides a historical record of system activities that can be analyzed to understand the sequence of events during a security incident. Properly implemented logging captures details about what happened, when it happened, and who was involved, enabling investigators to reconstruct the incident timeline and determine how an attack occurred and what was affected.
Formal verification of algorithms is incorrect because formal verification of algorithms helps prevent vulnerabilities but does not assist in investigating incidents after they occur. It's a preventative measure rather than a forensic aid.
Regular penetration testing is incorrect because regular penetration testing helps identify vulnerabilities before they can be exploited but doesn't provide information about actual incidents. Penetration testing is preventative and occurs before incidents rather than supporting investigation afterward.
Code obfuscation is incorrect because code obfuscation aims to prevent reverse engineering of applications but doesn't help with forensic investigation. In fact, obfuscation might hinder internal investigation efforts if incident responders need to analyze the code to understand an attack.
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
All IT & Cybersecurity Package plans include the following perks and exams .
Our pricing is simple. Full access to all certifications and exams in each package, for one price.
As many practice tests for as many topics as you want.
Use study mode non-stop, no limits.
Access to our AI assistant, Bash, trained to help you pass your exam.
Track your scores over time in study mode and report cards.
See how you improve over time, and where you need to focus.
Access our store with even bigger discounts than before.
Unlimited access to all performance questions and be prepared for the real thing.
All IT & Cybersecurity Package plans include unlimited access to the following study materials.
Create an account or sign in to access our study materials.