Free CompTIA CySA+ CS0-003 Practice Question

An analyst is responsible for collecting hard drives from compromised systems after a security breach to facilitate a forensic investigation. Which of the following best ensures that the integrity of the evidence is maintained and admissible in court?

  • Marking the hard drives with identification tags that include a case number and the date of acquisition.

  • Using standardized forms to document who accessed the evidence, the date/time of access, and the purpose of handling, each time the evidence is handled.

  • Quickly acquiring the evidence before it can be tampered with by unauthorized personnel.

  • Ensuring that the evidence is stored in a secure location with restricted access.

This question's topic:
CompTIA CySA+ CS0-003 / 
Incident Response and Management
Your Score:

Check or uncheck an objective to set which questions you will receive.