🎖️🏵️ Memorial Weekend Sale — 30% off🎖️🏵️

CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA CySA+ CS0-003 Practice Question

During an incident response, a security analyst needs to ensure that a copy of a potentially compromised server's hard drive is acquired for analysis. Which of the following is the BEST method to ensure that the evidence is admissible in court?

  • Taking photographs of the server and its connections for documentation

  • Copying files from the server to an external hard drive directly

  • Creating a bit-for-bit image of the original drive using a write blocker

  • Implementing remote mirroring to another server and capturing the replication data

This question is for objective:
Incident Response and Management
Your Score:
Incident Response and Management
Security Operations
Vulnerability Management
Reporting and Communication