Crucial Exams

CompTIA CySA+ CS0-003 Practice Question

During an incident response, a security analyst needs to ensure that a copy of a potentially compromised server's hard drive is acquired for analysis. Which of the following is the BEST method to ensure that the evidence is admissible in court?

  • Implementing remote mirroring to another server and capturing the replication data

  • Copying files from the server to an external hard drive directly

  • Creating a bit-for-bit image of the original drive using a write blocker

  • Taking photographs of the server and its connections for documentation

CompTIA CySA+ CS0-003
Incident Response and Management
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
SAVE $49
CompTIA Cybersecurity Analyst Voucher (CySA+ CS0-003)
$404.00 $355.00
Bash, the Crucial Exams Chat Bot
AI Bot