Free CompTIA CySA+ CS0-003 Practice Question

During an investigation following a security breach, an analyst is tasked with identifying the source of the intrusion. Which of the following is the BEST method for the analyst to maintain the integrity of the evidence?

  • Taking images of the system to be reviewed by the security team.

  • Generating a timestamp for each file on the system immediately upon acquisition.

  • Creating a cryptographic hash of the storage media before analysis.

  • Making several copies of the system's database for cross-reference.

This question's topic:
CompTIA CySA+ CS0-003 / 
Incident Response and Management
Your Score:

Check or uncheck an objective to set which questions you will receive.