
CompTIA Exam CAS-004 Topic 4 Question 56 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 56
Topic #: 4

During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. Upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

Suggested Answer: A

A legal hold is a process by which an organization instructs its employees or other relevant parties to preserve specific data for potential litigation. A legal hold is triggered when litigation is reasonably anticipated, such as when law enforcement officials inform an organization that an investigation has begun. The first step the organization should take is to initiate a legal hold to ensure that relevant evidence is not deleted, destroyed, or altered. A legal hold also demonstrates the organization's good faith and compliance with its duty to preserve evidence. Verified Reference:

https://percipient.co/litigation-hold-triggers-and-the-duty-to-preserve-evidence/


Contribute your Thoughts:

Clorinda
25 days ago
Verification? Yeah, that's probably a good idea. Maybe the analyst should have triple-checked the machine before pressing the power button. Hindsight is 20/20, they say.
upvoted 0 times
Madalyn
8 days ago
A) Order of volatility
upvoted 0 times
Slyvia
30 days ago
Secure storage, huh? I bet the analyst just tossed the machine in the break room fridge for safekeeping. You know, keeping it on ice and all.
upvoted 0 times
Kiera
6 days ago
C) Verification
upvoted 0 times
Jenelle
7 days ago
B) Chain of custody
upvoted 0 times
Isidra
11 days ago
A) Order of volatility
upvoted 0 times
Alline
1 month ago
Chain of custody is the way to go here. Gotta keep that evidence secure and properly documented, right? I hope the analyst didn't mess up the paperwork too.
upvoted 0 times
Michell
4 days ago
C) Verification
upvoted 0 times
Xuan
9 days ago
B) Chain of custody
upvoted 0 times
Cyndy
12 days ago
A) Order of volatility
upvoted 0 times
Rhea
2 months ago
Order of volatility - duh! The security analyst should have known that turning off the machine would result in losing crucial evidence. Rookie move.
upvoted 0 times
Peggy
2 months ago
Ah, the classic 'turn it off and on again' mistake. I guess the analyst was trying to channel their inner IT support persona.
upvoted 0 times
Eric
13 days ago
C) Verification
upvoted 0 times
Remedios
1 month ago
B) Chain of custody
upvoted 0 times
Tammi
1 month ago
A) Order of volatility
upvoted 0 times
Glory
2 months ago
Yes, the order of volatility ensures that the most volatile evidence is collected first to prevent data loss.
upvoted 0 times
Bettye
2 months ago
I agree with Cassandra, the order of volatility is important in preserving evidence.
upvoted 0 times
Cassandra
2 months ago
The security analyst should have followed the order of volatility.
upvoted 0 times