[&] What should be verified during the analysis phase of a phishing incident?
- The number of new hires in the organization
- The credibility of identified indicators of compromise
- Employee satisfaction levels
- The hardware inventory list

[&] Which phase of the NIST incident response process involves identifying if emails have been read and attachments opened during a phishing attack?
- Detection
- Preparation
- Recovery
- Containment

[&] What is a key component of the preparation phase in a phishing response playbook?
- Eradicating malicious software from endpoints
- Creating a list of all domains owned by the company
- Analyzing email headers for suspicious activity
- Monitoring internet connections for phishing links