Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam CAS-004 Topic 4 Question 56 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 56
Topic #: 4
[All CAS-004 Questions]

During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. upon rebooting the machine, a malicious script that

was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

Show Suggested Answer Hide Answer
Suggested Answer: A

A legal hold is a process by which an organization instructs its employees or other relevant parties to preserve specific data for potential litigation. A legal hold is triggered when litigation is reasonably anticipated, such as when law enforcement officials inform an organization that an investigation has begun. The first step the organization should take is to initiate a legal hold to ensure that relevant evidence is not deleted, destroyed, or altered. A legal hold also demonstrates the organization's good faith and compliance with its duty to preserve evidence. Verified Reference:

https://percipient.co/litigation-hold-triggers-and-the-duty-to-preserve-evidence/


by Dianne at Jul 14, 2024, 04:22 PM

Limited Time Offer

25%

Off

Get Premium CAS-004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Clorinda
1 months ago
Verification? Yeah, that's probably a good idea. Maybe the analyst should have triple-checked the machine before pressing the power button. Hindsight is 20/20, they say.
upvoted 0 times
Madalyn
16 days ago
A) Order of volatility
upvoted 0 times
...
...
Slyvia
1 months ago
Secure storage, huh? I bet the analyst just tossed the machine in the break room fridge for safekeeping. You know, keeping it on ice and all.
upvoted 0 times
Kiera
13 days ago
C) Verification
upvoted 0 times
...
Jenelle
14 days ago
B) Chain of custody
upvoted 0 times
...
Isidra
18 days ago
A) Order of volatility
upvoted 0 times
...
...
Alline
2 months ago
Chain of custody is the way to go here. Gotta keep that evidence secure and properly documented, right? I hope the analyst didn't mess up the paperwork too.
upvoted 0 times
Michell
12 days ago
C) Verification
upvoted 0 times
...
Xuan
16 days ago
B) Chain of custody
upvoted 0 times
...
Cyndy
20 days ago
A) Order of volatility
upvoted 0 times
...
...
Rhea
2 months ago
Order of volatility - duh! The security analyst should have known that turning off the machine would result in losing crucial evidence. Rookie move.
upvoted 0 times
...
Peggy
2 months ago
Ah, the classic 'turn it off and on again' mistake. I guess the analyst was trying to channel their inner IT support persona.
upvoted 0 times
Danica
3 days ago
D) Secure storage
upvoted 0 times
...
Eric
20 days ago
C) Verification
upvoted 0 times
...
Remedios
1 months ago
B) Chain of custody
upvoted 0 times
...
Tammi
1 months ago
A) Order of volatility
upvoted 0 times
...
...
Glory
2 months ago
Yes, the order of volatility ensures that the most volatile evidence is collected first to prevent data loss.
upvoted 0 times
...
Bettye
3 months ago
I agree with Cassandra, the order of volatility is important in preserving evidence.
upvoted 0 times
...
Cassandra
3 months ago
The security analyst should have followed the order of volatility.
upvoted 0 times
...

Save Cancel
a