ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
You are the first responder to a suspected data-exfiltration incident on a powered-on Windows file server in the company's data center. Digital evidence may later be needed in court, so you must follow accepted evidence-handling procedures. According to NIST guidance, which initial action should you perform before interacting with the system?
Open a chain-of-custody log and record the date, time, location, and your identity.
Pull the network cable to stop data exfiltration, then photograph the server connections.
Install vendor patches to close the suspected vulnerability before evidence is collected.
Create a forensic disk image of all attached drives using a hardware write-blocker.
NIST SP 800-86 and other accepted forensic guidelines state that a chain-of-custody record must begin the moment evidence is first identified. Documenting who collected the system, when, where, and under what circumstances establishes the evidentiary trail required for admissibility. Disconnecting power or networking, imaging the drive, or applying patches may all be necessary later, but doing any of them before formally initiating the chain-of-custody log risks creating an evidentiary gap that could lead to challenges in court.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is a chain-of-custody log important in digital evidence collection?
Open an interactive chat with Bash
What does NIST SP 800-86 recommend for forensic evidence handling?
Open an interactive chat with Bash
Why is performing actions like disconnecting power or network cables before documenting risky for evidence collection?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Incident Response and Recovery
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .