Crucial Exams

CompTIA CySA+ CS0-003 Practice Question

An organization has discovered suspicious activity suggesting a potential breach of their financial database. As part of the incident response, the analyst must ensure the admissibility of logs as evidence. What is the most appropriate step for the analyst to take immediately after isolating the affected system to ensure that the logs can be used for legal proceedings?

  • Encrypt the logs with a public key to secure the contents from unauthorized access

  • Generate and document cryptographic hashes of the logs to ensure their integrity

  • Apply secure time-stamping protocols to the logs to prevent future alterations

  • Create a detailed procedure log for the incident response steps taken

CompTIA CySA+ CS0-003
Incident Response and Management
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
SAVE $49
CompTIA Cybersecurity Analyst Voucher (CySA+ CS0-003)
$404.00 $355.00
Bash, the Crucial Exams Chat Bot
AI Bot