# Quiz 1
1. Which of the following terms refers to an internal investigation by an organization to discover if its employees, clients, and partners are abiding by the rules or policies?
  - [ ] Criminal investigation
  - [X] Administrative investigation
  - [ ] Cybercrime investigation
  - [ ] Civil investigation

2. In which of the following phases of the incident response process do investigators analyze, validate, and prioritize an incident?
  - [ ] Preparation for incident handling and response
  - [ ] Eradication
  - [ ] Containment
  - [X] Incident triage

3. Which of the following tasks should be performed if a system/network administrator acts as a first responder?
  - [X] Transfer copies of system logs onto a clean media
  - [ ] Allow tampering of computing systems present at the scene
  - [ ] If an ongoing attack is detected, immediately power down the computing systems
  - [ ] Do not document the details relevant to the incident

4. Which of the following terms refers to the process of examining, identifying, separating, converting, and modeling data to isolate useful information?
  - [ ] Data visualization
  - [X] Data analysis
  - [ ] Data duplication
  - [ ] Data recovery

5. Which of the following forensics investigation report sections includes the tools and techniques used for collecting evidence during the investigation?
  - [ ] Investigation process
  - [X] Evidence information
  - [ ] Executive summary
  - [ ] Evaluation and analysis process