[&] Which of the following is a trigger for performing deep analysis?
- When the incident involves routine IT maintenance
- When the system's uptime is over a year
- When all service level agreements are met
- When the first response confirms malicious activity that is not fully scoped -- Correct

[&] Why is memory forensics prioritized in deep analysis?
- It is legally required to investigate RAM first in incident responses
- Memory forensics is unnecessary and usually skipped
- It is the least volatile source of evidence
- RAM provides crucial information about ongoing processes -- Correct

[&] Which tool is commonly used for memory forensics in endpoint analysis?
- Wireshark
- FTK Imager
- Volatility -- Correct
- GIMP

[&] What is the main goal of deep analysis in incident response?
- To validate incident alerts received from the SOC
- To create a quick report for management reviews
- To develop a thorough understanding of the threat and determine precise containment and recovery -- Correct
- To expedite the reporting process of incidents

[&] What constitutes endpoint analysis within deep analysis in incident response?
- Conducting interviews with all IT personnel
- Utilizing full memory forensics, disk, registry analysis, and possibly reverse engineering -- Correct
- Developing encryption protocols for enhanced security
- Performing detailed schematic reviews of network architecture