CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA CySA+ CS0-003 Practice Question

An organization has discovered suspicious activity suggesting a potential breach of their financial database. As part of the incident response, the analyst must ensure the admissibility of logs as evidence. What is the most appropriate step for the analyst to take immediately after isolating the affected system to ensure that the logs can be used for legal proceedings?

  • Generate and document cryptographic hashes of the logs to ensure their integrity

  • Encrypt the logs with a public key to secure the contents from unauthorized access

  • Create a detailed procedure log for the incident response steps taken

  • Apply secure time-stamping protocols to the logs to prevent future alterations

This question's topic:
CompTIA CySA+ CS0-003 / 
Incident Response and Management
Your Score:
Incident Response and Management
Security Operations
Vulnerability Management
Reporting and Communication