What action should be taken to preserve evidence after a security incident?

Multiple Choice

What action should be taken to preserve evidence after a security incident?

Explanation:
Preserving evidence is about keeping the data and artifacts from a security incident intact so they can be analyzed later. This means avoiding any alterations to systems or records, and instead capturing and securing logs, system images, configurations, and a clear timeline of what happened. A proper process also includes documenting every action taken during the incident and maintaining a clear chain of custody, often in coordination with incident response and legal or compliance teams. By doing this, you create a reliable record that supports investigation, forensics, and post-incident learning.

That’s why this option is the best. It explicitly calls for preserving evidence and providing a detailed account as part of security procedures, which protects the integrity of the investigation and helps determine what occurred and how to prevent recurrence. The other choices would undermine the investigation: sharing sensitive details publicly can expose confidential information and hinder the response; deleting logs destroys crucial data; and waiting or deferring the process can let the incident worsen and cause important evidence to be lost.
