PrepAway - Latest Free Exam Questions & Answers

Which of the following steps of incident handling has b…

A network technician was tasked to respond to a compromised workstation. The technician documented the
scene, took the machine offline, and left the PC under a cubicle overnight. Which of the following steps of
incident handling has been incorrectly performed?


A. Document the scene

B. Forensics report

C. Evidence collection

D. Chain of custody

Explanation:
To verify the integrity of data after a security incident has occurred, you need to be able to show a chain of custody.
A chain of custody documents who has been in possession of the data (evidence) at every point since the security
breach occurred. A well-prepared organization will have processes and procedures that are followed when an incident
occurs.
A plan should include first responders securing the area and then escalating to senior management and
authorities when required by policy or law. The chain of custody also includes documentation of the scene,
collection and maintenance of evidence, e-discovery (the electronic aspect of identifying, collecting,
and producing electronically stored information), transportation of data, forensics reporting, and a process to
preserve all forms of evidence and data when litigation is expected. The preservation of the evidence, data, and
details is referred to as legal hold. Leaving the machine unattended under a cubicle overnight breaks this chain,
because nobody can account for who had access to the evidence during that time.
