Logical Operations Exam CFR-210 Topic 4 Question 66 Discussion

Actual exam question for Logical Operations's CFR-210 exam

Question #: 66
Topic #: 4

A forensics investigator has been assigned the task of investigating a system user for suspicion of using a company-owned workstation to view unauthorized content. Which of the following would be a proper course of action for the investigator to take?

ANotify the user that their workstation is being confiscated to perform an investigation, providing no details as to the reasoning.

BConfiscate the workstation while the suspected employee is out of the office, andperform a search on the asset.

CConfiscate the workstation while the suspected employee is out of the office, and perform the search on bit-for-bit image of the hard drive.

DNotify the user that the workstation is being confiscated to perform an investigation, providing complete transparency as to the suspicions.

Show Suggested Answer

Suggested Answer: B

by Eva at Jun 23, 2024, 10:40 PM

Limited Time Offer

25%

24 days ago

I think option D is the best course of action. Transparency is important in these situations.

upvoted 0 times

...