CompTIA Study Materials
AWS Study Materials
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA CySA+ CS0-003 Practice Question

An organization has discovered suspicious activity suggesting a potential breach of their financial database. As part of the incident response, the analyst must ensure the admissibility of logs as evidence. What is the most appropriate step for the analyst to take immediately after isolating the affected system to ensure that the logs can be used for legal proceedings?

  • Encrypt the logs with a public key to secure the contents from unauthorized access

  • Apply secure time-stamping protocols to the logs to prevent future alterations

  • Create a detailed procedure log for the incident response steps taken

  • Generate and document cryptographic hashes of the logs to ensure their integrity

Subscribe to avoid duplicate questions and track your progress over time

Your Score:
Incident Response and Management
Security Operations
Vulnerability Management
Reporting and Communication
CompTIA CySA+ CS0-003
  • Security Operations
  • Vulnerability Management
  • Incident Response and Management
    • This question is filed here
  • Reporting and Communication