A very interesting story in http://www.infoworld.com/article/2909219/security/secrets-are-the-enemy-of-a-good-security-defense.html on unexpected answers:
In an earlier life, I was an EMT paramedic. Every good emergency care provider learns to ask the patient what’s wrong or what hurts — even when the illness or injury appears obvious. For example, I once arrived on a scene where a 17-year-old teenager had driven her car into a stationary vehicle. She was sitting in the front seat with her legs dangling out of the open driver’s door. As I walked up, I could see a fractured femur bone sticking up through her jeans.
Still, I asked her the question, “Where does it hurt?”
A few of the firemen behind me laughed, and one said, “I can tell where it hurts!”
The issue: The article continues:
Actually, I too fully expected her to say that her leg hurt, but she didn’t. Instead, she said, “My stomach hurts.” With that, I got her into the ambulance as quickly as possible without spending a lot of time splinting the leg and started an IV. I told the ambulance driver to hurry.
She began to cough up copious amounts of blood. Her blood pressure dropped and she became unconscious, due to internal tears and bleeding. They were able to save her life, thanks to the early IV, a fast trip to the hospital, and emergency surgery.
Even though you think you know the answer, asking the obvious question is key to saving the patient. The same applies to cyber forensics and defense: I can’t do my job to the best of my abilities if I don’t know what hurts the patient the most.
Sometimes, the answer to a question is not the obvious one suggested by the question and the apparent situation.