Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Logical Operations Exam CFR-210 Topic 4 Question 66 Discussion

Actual exam question for Logical Operations's CFR-210 exam
Question #: 66
Topic #: 4
[All CFR-210 Questions]

A forensics investigator has been assigned the task of investigating a system user for suspicion of using a company-owned workstation to view unauthorized content. Which of the following would be a proper course of action for the investigator to take?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Eva at Jun 23, 2024, 10:40 PM

Limited Time Offer

25%

Off

Get Premium CFR-210 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cordell
1 months ago
Wait, so we're supposed to be forensic investigators, not secret agents. Maybe we should just send the employee a strongly worded email and see if they fess up to anything. That's how they do it in the movies, right?
upvoted 0 times
Shawana
16 hours ago
C: It's important to maintain transparency, so notifying the user about the investigation is the right approach.
upvoted 0 times
...
Carlota
8 days ago
B: I agree, we should confiscate the workstation and perform a search on the asset.
upvoted 0 times
...
Karan
18 days ago
A: We can't just send a strongly worded email, we need to follow proper procedures.
upvoted 0 times
...
...
Karl
2 months ago
Option B is the way to go, hands down. Gotta strike while the iron's hot, you know? No need to give the employee a heads up and risk them covering their tracks. Let's just get that workstation and dig in!
upvoted 0 times
Mike
25 days ago
B) I agree, we need to act quickly and not give the employee a chance to hide any evidence.
upvoted 0 times
...
Jaclyn
1 months ago
C) Confiscate the workstation while the suspected employee is out of the office, and perform the search on bit-for-bit image of the hard drive.
upvoted 0 times
...
Aimee
1 months ago
B) Confiscate the workstation while the suspected employee is out of the office, and perform a search on the asset.
upvoted 0 times
...
...
Desirae
2 months ago
Haha, confiscating the workstation while the employee is out? That's like something straight out of a spy movie! But in all seriousness, Option C is probably the best way to go - you don't want to risk the employee tampering with the evidence.
upvoted 0 times
...
Bernardo
2 months ago
I'm not sure... Option D seems like the more ethical approach. Being upfront with the employee and providing transparency could help build trust and cooperation. But I guess it depends on the specific circumstances.
upvoted 0 times
Son
1 months ago
B: Yeah, I agree. It's always best to be upfront with employees to maintain trust and cooperation.
upvoted 0 times
...
Brinda
2 months ago
A: Option D does seem like the more ethical approach. Transparency is important in these situations.
upvoted 0 times
...
...
Deane
2 months ago
Option C is the way to go! Confiscating the workstation and creating a forensic image ensures the integrity of the evidence. Plus, the employee doesn't need to know the details yet - better to keep them in the dark.
upvoted 0 times
...
Mary
2 months ago
I think option C is better. Performing the search on a bit-for-bit image ensures the integrity of the investigation.
upvoted 0 times
...
Shawn
3 months ago
I agree with Gennie. It's important to be transparent with the user to maintain trust.
upvoted 0 times
...
Gennie
3 months ago
I think option D is the best course of action. Transparency is important in these situations.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77