[&] How does Endpoint Analysis contribute to the containment and eradication phase of incident response?
- Through identifying key persistence mechanisms and malicious software
- By documenting network diagrams to assist with future incident planning
- By upgrading hardware across all endpoints
- By updating software inventory to reflect newly installed applications

[&] What is a core question answered during log analysis as a part of Endpoint Analysis?
- What did the OS or EDR record about the incident?
- How many users are logged in simultaneously?
- Which firewall rules were updated recently?
- When was the last software update applied?

[&] Which type of evidence is used during Endpoint Analysis to determine initial access vectors?
- Software installation reports
- Event logs and memory dumps
- Continuous integration logs
- User interface screenshots

[&] What is the primary purpose of Endpoint Analysis?
- To generate compliance reports for audit purposes
- To improve the graphical user interface of endpoints
- To install security updates automatically
- To examine a single host for evidence of malicious activity

[&] What does memory forensics aim to discover in Endpoint Analysis?
- What software is injected or only running in RAM
- The speed of the processor during peak times
- The amount of RAM available in a system
- Running applications and resource usage