
Exam CAS-004 topic 1 question 244 discussion

Actual exam question from CompTIA's CAS-004
Question #: 244
Topic #: 1

During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. Upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

  • A. Order of volatility
  • B. Chain of custody
  • C. Verification
  • D. Secure storage
Suggested Answer: A

Comments

g_
7 months ago
Selected Answer: A
Order of Volatility is correct
upvoted 4 times
jan2134
7 months, 2 weeks ago
In forensics, order of volatility refers to the order in which you should collect evidence. Highly volatile data is easily lost, such as data in memory when you turn off a computer. Less volatile data, such as printouts, is relatively permanent and the least volatile. ANSWER IS A. See: https://blogs.getcertifiedgetahead.com/cfr-and-order-of-volatility/#:~:text=In%20forensics%2C%20order%20of%20volatility%20refers%20to%20the,printouts%2C%20is%20relatively%20permanent%20and%20the%20least%20volatile.
upvoted 3 times
[Removed]
7 months, 2 weeks ago
It's A....everyone should know this by now....
upvoted 3 times
YOOOO
7 months, 2 weeks ago
I think this is Order of Volatility.
upvoted 2 times
unBREAKable_Fs4
7 months, 3 weeks ago
A. Order of Volatility
upvoted 2 times
WOM127
7 months, 3 weeks ago
Selected Answer: A
I think A.
upvoted 2 times
Cock
7 months, 3 weeks ago
Selected Answer: A
The security analyst should have followed the "order of volatility". This principle outlines that evidence with the highest volatility, or that which is most likely to change or be lost, should be gathered first. In the case of a running process, it is volatile and can be lost if the machine is shut down or rebooted. The appropriate course of action would have been to consult with a forensic analyst before turning off or rebooting the machine, so that critical evidence is preserved. The chain of custody refers to the documentation and tracking of evidence so that it is not tampered with, altered or misplaced. Verification of evidence refers to ensuring the accuracy of the data collected, and secure storage refers to the proper storage of evidence to prevent tampering, damage or loss.
upvoted 3 times
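The evidence lost in this scenario, a script running only as a background process, is exactly the kind of volatile data that should be captured before anyone touches the power button. As an added example (not from this thread, the exam, or CompTIA), the Linux-only Python below snapshots the running process table from /proc and stores it with a timestamp and a SHA-256 digest so the record can later be checked for alteration; the function names (snapshot_processes, preserve, verify) and the constant PROC are this example's own.

```python
import hashlib
import json
import os
from datetime import datetime, timezone

PROC = "/proc"  # Linux procfs; assumed mounted (this example is Linux-only)
OWN_PID = os.getpid()  # this interpreter's PID; it must appear in the snapshot


def _read(pid, name):
    """Read one /proc/<pid>/ file; a process may exit between listing and read."""
    try:
        with open(os.path.join(PROC, pid, name), "rb") as f:
            return f.read()
    except OSError:
        return b""


def snapshot_processes():
    """Return [{pid, ppid, cmdline}, ...] for every process visible in /proc."""
    procs = []
    for pid in sorted((p for p in os.listdir(PROC) if p.isdigit()), key=int):
        cmdline = _read(pid, "cmdline").replace(b"\0", b" ").strip()
        ppid = ""
        for line in _read(pid, "status").decode("utf-8", "replace").splitlines():
            if line.startswith("PPid:"):
                ppid = line.split(":", 1)[1].strip()
        procs.append({"pid": int(pid), "ppid": ppid,
                      "cmdline": cmdline.decode("utf-8", "replace")})
    return procs


def preserve(procs, out_path):
    """Write the snapshot with a UTC timestamp and its SHA-256; return the digest."""
    payload = json.dumps(procs, sort_keys=True)
    digest = hashlib.sha256(payload.encode()).hexdigest()
    record = {"collected_at": datetime.now(timezone.utc).isoformat(),
              "stage": "1-running-processes", "sha256": digest, "payload": payload}
    with open(out_path, "w") as f:
        json.dump(record, f)
    return digest


def verify(out_path):
    """Recompute the digest over the stored payload; False if the record was altered."""
    with open(out_path) as f:
        record = json.load(f)
    return hashlib.sha256(record["payload"].encode()).hexdigest() == record["sha256"]
```

Memory, network connections and logged-in sessions would be collected in the same first pass; disk images and backups come later because they survive a shutdown.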
Community vote distribution: A (35%), C (25%), B (20%), Other