ISC2 Exam ISSMP Topic 1 Question 15 Discussion

Actual exam question for ISC2's Information Systems Security Management Professional exam

Question #: 15
Topic #: 1

[All Information Systems Security Management Professional Questions]

Which of the following steps are generally followed in computer forensic examinations?

Each correct answer represents a complete solution. Choose three.

AAcquire

BAnalyze

CAuthenticate

DEncrypt

Show Suggested Answer

Suggested Answer: A, B, C

The following steps are generally followed in computer forensic examinations.

1.Acquire. In this step, the examiner gets an exact duplicate copy of the original data for investigation. The examiner leaves the original copy intact.

2.Authenticate. In this step, the investigator shows that the data is unchanged and has not been tampered.

3.Analyze. In this step, the examiner analyzes data carefully. The examiner recovers evidence by examining hard disk drives, hidden files, swap data, the Internet cache, and the Recycle bin.

Answer option D is incorrect. Encrypt is not a step followed in computer forensic examinations.

by Izetta at May 07, 2022, 05:03 PM

Limited Time Offer

25%

Off

Get Premium ISSMP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!