Home » Isaca » CISM » Evidence from a compromised server has to be acquired for a forensic investigation. What would be the BEST source?
Evidence from a compromised server has to be acquired for a forensic investigation. What would be the BEST source?
A. A bit-level copy of all hard drive data
B. The last verified backup stored offsite
C. Data from volatile memory
D. Backup servers
Correct Answer: A
Explanation/Reference:
The bit-level copy image file ensures forensic quality evidence that is admissible in a court of law. Choices B and D may not provide forensic quality data forinvestigative work, while choice C alone may not provide enough evidence.
Download Printable PDF. VALID exam to help you PASS.
|
|