Wednesday, February 24, 2010

Incident Response Practice Question

What documentation is needed to verify that the evidence collected is the same evidence that is presented in court?

  A. Affidavit of evidence
  B. Chain of custody
  C. Chain of forensics
  D. Access authorization

Answer below.

Over 375 practice test questions in this book:

CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide

Answer: B. A chain of custody verifies that evidence presented in court is the same evidence that was collected; a chain of custody should be established when seizing any evidence. The other documents listed won’t take the place of chain of custody documentation.

This question is related to objective :
   6.3 Differentiate between and execute appropriate incident response procedures.
  • Chain of custody