[&] What should be verified during the analysis phase of a phishing incident?
- The number of new hires in the organization
- The credibility of identified indicators of compromise -- Correct
- Employee satisfaction levels
- The hardware inventory list

[&] Which phase of the NIST incident response process involves identifying if emails have been read and attachments opened during a phishing attack?
- Detection
- Preparation
- Recovery
- Containment -- Correct

[&] What is a key component of the preparation phase in a phishing response playbook?
- Eradicating malicious software from endpoints
- Creating a list of all domains owned by the company -- Correct
- Analyzing email headers for suspicious activity
- Monitoring internet connections for phishing links