Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CompTIA Exam 220-1102 Topic 4 Question 22 Discussion

Actual exam question for CompTIA's 220-1102 exam
Question #: 22
Topic #: 4
[All 220-1102 Questions]

Maintaining the chain of custody is an important part of the incident response process. Which of the following reasons explains why this is important?

Show Suggested Answer Hide Answer
Suggested Answer: C

Maintaining the chain of custody is important to control evidence and maintain integrity. The chain of custody is a process that documents who handled, accessed, or modified a piece of evidence, when, where, how, and why. The chain of custody ensures that the evidence is preserved, protected, and authenticated throughout the incident response process. Maintaining the chain of custody can help prevent tampering, alteration, or loss of evidence, as well as establish its reliability and validity in legal proceedings. Maintaining an information security policy, properly identifying the issue, and gathering as much information as possible are not reasons why maintaining the chain of custody is important. Maintaining an information security policy is a general practice that defines the rules and guidelines for securing an organization's information assets and resources. Properly identifying the issue is a step in the incident response process that involves analyzing and classifying the incident based on its severity, impact, and scope. Gathering as much information as possible is a step in the incident response process that involves collecting and documenting relevant data and evidence from various sources, such as logs, alerts, or witnesses.Reference:

Official CompTIA learning resources CompTIA A+ Core 1 and Core 2, page 26


Contribute your Thoughts:

Fletcher
8 months ago
Ha, yeah, that's a good point. It's all about balance. You need the chain of custody to protect the evidence, but you also need to make sure you're actually, you know, investigating the incident and not just guarding some papers. Gotta keep the big picture in mind.
upvoted 0 times
...
Joye
8 months ago
I agree, C is the way to go. Although, I have to say, option D about gathering as much information as possible is also pretty important. We don't want to just focus on the chain of custody and forget about the actual investigation, you know?
upvoted 0 times
...
Carisa
8 months ago
Exactly! That's why option C is the right answer. Controlling the evidence and maintaining its integrity is the whole purpose of the chain of custody. The other options, while important, don't really get to the heart of why this process is crucial.
upvoted 0 times
...
Shelba
8 months ago
Hmm, this is a tricky one. The chain of custody is so important because if the evidence is mishandled or compromised, it could totally undermine the entire investigation. We need to make sure the integrity is maintained at all times.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77